Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Slow Internet Explorer and Folder Browsing
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 08-11-2008, 12:03 PM   #1 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 8
OS: XP SP2


Slow Internet Explorer and Folder Browsing
My computer was infected with the AntivirusXP 2008 trojan yesterday. Ever since I got rid of it using Spybot, Panda, adaware, and Symantec Antivirus Corporate, everything went back to normal except anything to do with explorer. When I'm browsing through any folder on my computer, there is a 5 second delay in displaying it's contents no matter how many files are in it. Internet explorer also takes 5 seconds between clicking on links to view them. When I use Firefox, everything is normal and fast. I checked explorer.exe and everytime I try to browse my folders, the CPU usage spikes to 50%.

Here is my HiJackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 12:52:44 PM, on 8/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MRU-Blaster\scheduler.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Event Reminder.lnk = C:\Program Files\PrintMaster\PMREMIND.EXE
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.casharrives365.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1094708655453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1129180172375
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} -
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.walmartphotocentre.ca/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} -
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://tgs.gov.mb.ca/roadinfo/help/downLoadIE/Acgm.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VideoAcceleratorEngine - Unknown owner - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)

_________________________________

Any help would be greatly appreciated. Thanks!
y2jericho is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 08-11-2008, 12:58 PM   #2 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 8
OS: XP SP2


Re: Slow Internet Explorer and Folder Browsing
I couldn't edit my original post so I have to reply to give you the proper information.

Deckard's System Scanner v20071014.68
Run by user on 2008-08-11 13:40:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
6: 2008-08-11 18:40:26 UTC - RP6 - Deckard's System Scanner Restore Point
5: 2008-08-11 17:35:25 UTC - RP5 - Restore Operation
4: 2008-08-11 15:33:17 UTC - RP4 - Software Distribution Service 3.0
3: 2008-08-11 05:02:49 UTC - RP3 - Installed Windows XP Service Pack 2.
2: 2008-08-11 02:43:31 UTC - RP2 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-08-10 21:41:01 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as user.exe) ------------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-08-11 13:42:25
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\stardock\SDMCP.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\user\Desktop\dss.exe
C:\WINDOWS\system32\wscntfy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [POSTRBT] C:\Program Files\Norton SystemWorks\Norton AntiVirus\Navw32.exe /REMEDIATE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [POSTRBT] C:\Program Files\Norton SystemWorks\Norton AntiVirus\Navw32.exe /REMEDIATE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Event Reminder.lnk = C:\Program Files\PrintMaster\PMREMIND.EXE
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Status Monitor.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://www.casharrives365.com (HKCU)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get...irector/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...eckControl.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...22/wmv9VCM.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1094708655453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1129180172375
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/get...nt/swflash.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.walmartphotocentre.ca/activex/PCAXSetup.cab?
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://tgs.gov.mb.ca/roadinfo/help/downLoadIE/Acgm.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Program Files\Common Files\stardock\MCPCore.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VideoAcceleratorEngine - Unknown owner - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe -start -scm


--
End of file - 11941 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\HIJACK~1\backups\) --------------------

backup-20060316-155144-354 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
backup-20060316-155144-574 O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
backup-20060316-155144-657 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20060316-155146-365 O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
backup-20060316-155146-410 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
backup-20060316-155146-712 O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
backup-20060316-155146-897 O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

-- File Associations -----------------------------------------------------------

.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 JiaoCap (JiaoCap, WDM Video Capture for VCDCut) - c:\windows\system32\drivers\jiaocap.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(R) Operating System>
R2 JiaoIO - c:\windows\system32\drivers\jiaoio.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(R) Operating System>
R3 Pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

S3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 VideoAcceleratorEngine - c:\progra~1\speedb~1\videoacceleratorengine.exe -start -scm (file missing)


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\7846B5E01800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\7846B5E01800
Service: NIC1394


-- Files created between 2008-07-11 and 2008-08-11 -----------------------------

2008-08-11 11:19:44 0 d-------- C:\Program Files\Panda Security
2008-08-11 00:28:43 0 d-------- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-08-11 00:28:36 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-10 22:39:48 0 d-------- C:\WINDOWS\Prefetch
2008-08-10 21:50:17 1845248 --a------ C:\WINDOWS\system32\win32k.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-08-10 16:20:51 14336 --a------ C:\WINDOWS\system32\el32.dll
2008-07-26 02:55:45 0 d-------- C:\Documents and Settings\user\Application Data\Broderbund
2008-07-26 02:55:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Broderbund
2008-07-26 02:55:28 0 d-------- C:\Program Files\Broderbund
2008-07-24 23:25:33 0 d-------- C:\Downloads
2008-07-24 19:16:27 57344 --a------ C:\WINDOWS\Uninstaller.exe
2008-07-24 00:16:21 0 d-------- C:\Program Files\Common Files\DiskTrix
2008-07-24 00:03:41 0 d-------- C:\Program Files\UltimateDefrag


-- Find3M Report ---------------------------------------------------------------

2008-08-11 13:42:17 0 d-------- C:\Program Files\Symantec AntiVirus
2008-08-11 13:26:27 0 d-------- C:\Documents and Settings\user\Application Data\uTorrent
2008-08-11 12:50:56 0 d-------- C:\Documents and Settings\user\Application Data\Viewpoint
2008-08-11 12:50:54 0 d-------- C:\Program Files\Viewpoint
2008-08-11 00:07:46 0 d-------- C:\Program Files\Ad-Aware SE Personal
2008-08-10 22:13:10 0 d-------- C:\Program Files\Messenger
2008-08-10 22:09:29 0 d-------- C:\Program Files\Windows NT
2008-08-10 22:09:27 0 d-------- C:\Program Files\Movie Maker
2008-08-08 12:04:14 0 d-------- C:\Documents and Settings\user\Application Data\Hoyle Card Games
2008-08-06 01:54:58 0 d-------- C:\Documents and Settings\user\Application Data\Hoyle Blackjack
2008-08-04 00:25:59 0 d-------- C:\Documents and Settings\user\Application Data\Hoyle Puzzle and Board Games
2008-08-03 23:26:07 0 d-------- C:\Program Files\Encore
2008-08-01 07:42:33 0 d-------- C:\Program Files\Google
2008-07-31 07:49:59 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-31 07:46:54 0 d-------- C:\Program Files\LimeWire
2008-07-31 07:43:36 0 d-------- C:\Program Files\Java
2008-07-31 07:34:31 0 d-------- C:\Program Files\Sierra
2008-07-31 07:29:37 0 d-------- C:\Program Files\ArcSoft
2008-07-31 07:27:26 0 d-------- C:\Documents and Settings\user\Application Data\Adobe
2008-07-31 07:25:33 0 d-------- C:\Program Files\uTorrent
2008-07-29 16:51:41 0 d-------- C:\Documents and Settings\user\Application Data\Nikon
2008-07-29 16:51:40 0 d-------- C:\Program Files\Common Files\Nikon
2008-07-24 21:21:04 0 d-------- C:\Program Files\IsoBuster
2008-07-24 00:16:21 0 d-------- C:\Program Files\Common Files


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [01/08/2004 01:54 PM C:\WINDOWS\SOUNDMAN.EXE]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [05/15/2003 06:45 PM]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [05/15/2003 06:41 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [08/25/2004 01:52 PM]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/14/2003 11:22 AM]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [04/14/2004 03:46 PM]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [04/14/2004 04:04 PM]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [05/25/2004 09:16 AM]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [07/20/2004 10:34 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [06/02/2005 09:21 AM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [06/23/2005 07:27 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 07:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 12:34 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"WeatherEye"="C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [05/30/2008 02:45 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [07/30/2008 02:45 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"POSTRBT"=C:\Program Files\Norton SystemWorks\Norton AntiVirus\Navw32.exe /REMEDIATE

C:\Documents and Settings\user\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 8:16:50 PM]
Event Reminder.lnk - C:\Program Files\PrintMaster\PMREMIND.EXE [6/6/1998 10:33:30 AM]
MRU-Blaster Scheduler.lnk - C:\Program Files\MRU-Blaster\scheduler.exe [7/19/2003 4:48:42 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 11:05:26 PM]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2/17/2005 12:19:11 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=0 (0x0)
"NoDispAppearancePage"=0 (0x0)
"NoColorChoice"=0 (0x0)
"NoSizeChoice"=0 (0x0)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)
"NoDispCPL"=0 (0x0)
"NoVisualStyleChoice"=0 (0x0)
"NoDispSettingsPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)
"NoActiveDesktop"=0 (0x0)
"NoSaveSettings"=0 (0x0)
"NoThemesTab"=0 (0x0)
"ForceActiveDesktopOn"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll 01/31/2005 02:13 PM 49152 C:\PROGRA~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\kdykd.exe]
C:\WINDOWS\system32\kdykd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Explorer]
C:\Program Files\Internet Explorer\iexplore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QD FastAndSafe]
C:\Program Files\Internet Explorer\iexplore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
"C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
"C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhctbaj0e7fn]
C:\Program Files\rhctbaj0e7fn\rhctbaj0e7fn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNM]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"C:\WINDOWS\system32\kdykd.exe"=C:\WINDOWS\system32\kdykd.exe
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

*Newly Created Service* - PAVBOOT

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B0D039E0-C6F0-CC70-A44C-B49BC97A72AA}]
C:\WINDOWS\system32\My_Server.exe



-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

8997 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-08-11 13:43:22 ------------
Attached Files
File Type: txt extra.txt (28.6 KB, 0 views)
y2jericho is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-15-2008, 12:22 AM   #3 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,580
OS: WinXP and Vista


Re: Slow Internet Explorer and Folder Browsing
Hello y2jericho,

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  2. Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log
Update on system behavior
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-15-2008, 10:42 AM   #4 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 8
OS: XP SP2


Re: Slow Internet Explorer and Folder Browsing
Hi Ried, Thanks for replying

After running combofix, The same problems as my original post still exist.

Here are the logs for Combo and HiJack.
_____________________________________________

ComboFix 08-08-14.05 - user 2008-08-15 11:08:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.547 [GMT -5:00]
Running from: C:\Documents and Settings\user\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\VQ6DNAG6\interclick.com
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\#SharedObjects\VQ6DNAG6\interclick.com\ud.sol
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\user\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\user\Cookies\user@2o7[1].txt
C:\Documents and Settings\user\Cookies\user@64.233.167[2].txt
C:\Documents and Settings\user\Cookies\user@72.14.203[2].txt
C:\Documents and Settings\user\Cookies\user@72.14.205[1].txt
C:\Documents and Settings\user\Cookies\user@a.chryslerllc[1].txt
C:\Documents and Settings\user\Cookies\user@a.consumerreports[2].txt
C:\Documents and Settings\user\Cookies\user@a.hasbro[2].txt
C:\Documents and Settings\user\Cookies\user@a.tomshardware[2].txt
C:\Documents and Settings\user\Cookies\user@account.live[2].txt
C:\Documents and Settings\user\Cookies\user@ads.pointroll[1].txt
C:\Documents and Settings\user\Cookies\user@ads.revsci[2].txt
C:\Documents and Settings\user\Cookies\user@adwatcher[2].txt
C:\Documents and Settings\user\Cookies\user@aweber[1].txt
C:\Documents and Settings\user\Cookies\user@bestbuy[3].txt
C:\Documents and Settings\user\Cookies\user@buysell[1].txt
C:\Documents and Settings\user\Cookies\user@ca.ebayrtm[2].txt
C:\Documents and Settings\user\Cookies\user@clicktorrent[1].txt
C:\Documents and Settings\user\Cookies\user@cnet[1].txt
C:\Documents and Settings\user\Cookies\user@co-opworld[1].txt
C:\Documents and Settings\user\Cookies\user@ebay.co[1].txt
C:\Documents and Settings\user\Cookies\user@ebay[1].txt
C:\Documents and Settings\user\Cookies\user@ebay[2].txt
C:\Documents and Settings\user\Cookies\user@ehg.fedex[2].txt
C:\Documents and Settings\user\Cookies\user@eyereturn[1].txt
C:\Documents and Settings\user\Cookies\user@ez-tracks[1].txt
C:\Documents and Settings\user\Cookies\user@eztracks.aavalue[2].txt
C:\Documents and Settings\user\Cookies\user@forum.ncixus[2].txt
C:\Documents and Settings\user\Cookies\user@gamespot[2].txt
C:\Documents and Settings\user\Cookies\user@go[2].txt
C:\Documents and Settings\user\Cookies\user@h.starware[1].txt
C:\Documents and Settings\user\Cookies\user@hypertracker[1].txt
C:\Documents and Settings\user\Cookies\user@ign[1].txt
C:\Documents and Settings\user\Cookies\user@indextools[1].txt
C:\Documents and Settings\user\Cookies\user@insightexpressai[1].txt
C:\Documents and Settings\user\Cookies\user@live[1].txt
C:\Documents and Settings\user\Cookies\user@live[3].txt
C:\Documents and Settings\user\Cookies\user@live[4].txt
C:\Documents and Settings\user\Cookies\user@main.ebayrtm[2].txt
C:\Documents and Settings\user\Cookies\user@metacafe[2].txt
C:\Documents and Settings\user\Cookies\user@msn[1].txt
C:\Documents and Settings\user\Cookies\user@msn[3].txt
C:\Documents and Settings\user\Cookies\user@myspace[2].txt
C:\Documents and Settings\user\Cookies\user@ngd.thesun.co[1].txt
C:\Documents and Settings\user\Cookies\user@nohold[2].txt
C:\Documents and Settings\user\Cookies\user@paypal[1].txt
C:\Documents and Settings\user\Cookies\user@questionmarket[1].txt
C:\Documents and Settings\user\Cookies\user@revsci[1].txt
C:\Documents and Settings\user\Cookies\user@secure.ncixus[2].txt
C:\Documents and Settings\user\Cookies\user@serving-sys[1].txt
C:\Documents and Settings\user\Cookies\user@serving-sys[2].txt
C:\Documents and Settings\user\Cookies\user@signup.live[1].txt
C:\Documents and Settings\user\Cookies\user@sp2.information[2].txt
C:\Documents and Settings\user\Cookies\user@speakeasy[1].txt
C:\Documents and Settings\user\Cookies\user@specificclick[2].txt
C:\Documents and Settings\user\Cookies\user@stat.dealtime[1].txt
C:\Documents and Settings\user\Cookies\user@t.spike[2].txt
C:\Documents and Settings\user\Cookies\user@tornadovideos[2].txt
C:\Documents and Settings\user\Cookies\user@tribalfusion[1].txt
C:\Documents and Settings\user\Cookies\user@tv[1].txt
C:\Documents and Settings\user\Cookies\user@walmart[3].txt
C:\Documents and Settings\user\Cookies\user@ws.yellowpages[1].txt
C:\Documents and Settings\user\Cookies\user@www.datalounge[2].txt
C:\Documents and Settings\user\Cookies\user@www.digitalhome.com[2].txt
C:\Documents and Settings\user\Cookies\user@www.mcssl[2].txt
C:\Documents and Settings\user\Cookies\user@yahoo[1].txt
C:\Documents and Settings\user\Cookies\user@youtube[2].txt
C:\Documents and Settings\user\Cookies\user@zap2it[2].txt
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_004744_.tmp.dll
C:\WINDOWS\system32\_004745_.tmp.dll
C:\WINDOWS\system32\_004746_.tmp.dll
C:\WINDOWS\system32\_004747_.tmp.dll
C:\WINDOWS\system32\_004754_.tmp.dll
C:\WINDOWS\system32\_004755_.tmp.dll
C:\WINDOWS\system32\_004756_.tmp.dll
C:\WINDOWS\system32\_004758_.tmp.dll
C:\WINDOWS\system32\_004759_.tmp.dll
C:\WINDOWS\system32\_004762_.tmp.dll
C:\WINDOWS\system32\_004763_.tmp.dll
C:\WINDOWS\system32\_004764_.tmp.dll
C:\WINDOWS\system32\_004765_.tmp.dll
C:\WINDOWS\system32\_004766_.tmp.dll
C:\WINDOWS\system32\_004767_.tmp.dll
C:\WINDOWS\system32\_004768_.tmp.dll
C:\WINDOWS\system32\_004769_.tmp.dll
C:\WINDOWS\system32\_004770_.tmp.dll
C:\WINDOWS\system32\_004771_.tmp.dll
C:\WINDOWS\system32\_004772_.tmp.dll
C:\WINDOWS\system32\_004773_.tmp.dll
C:\WINDOWS\system32\_004774_.tmp.dll
C:\WINDOWS\system32\_004775_.tmp.dll
C:\WINDOWS\system32\_004776_.tmp.dll
C:\WINDOWS\system32\_004777_.tmp.dll
C:\WINDOWS\system32\_004778_.tmp.dll
C:\WINDOWS\system32\_004779_.tmp.dll
C:\WINDOWS\system32\_004780_.tmp.dll
C:\WINDOWS\system32\_004782_.tmp.dll
C:\WINDOWS\system32\_004783_.tmp.dll
C:\WINDOWS\system32\_004784_.tmp.dll
C:\WINDOWS\system32\_004785_.tmp.dll
C:\WINDOWS\system32\_004786_.tmp.dll
C:\WINDOWS\system32\_004787_.tmp.dll
C:\WINDOWS\system32\_004788_.tmp.dll
C:\WINDOWS\system32\_004789_.tmp.dll
C:\WINDOWS\system32\_004790_.tmp.dll
C:\WINDOWS\system32\_004791_.tmp.dll
C:\WINDOWS\system32\_004792_.tmp.dll
C:\WINDOWS\system32\_004793_.tmp.dll
C:\WINDOWS\system32\_004794_.tmp.dll
C:\WINDOWS\system32\_004795_.tmp.dll
C:\WINDOWS\system32\_004796_.tmp.dll
C:\WINDOWS\system32\_004797_.tmp.dll
C:\WINDOWS\system32\_004798_.tmp.dll
C:\WINDOWS\system32\_004799_.tmp.dll
C:\WINDOWS\system32\_004800_.tmp.dll
C:\WINDOWS\system32\_004802_.tmp.dll
C:\WINDOWS\system32\_004803_.tmp.dll
C:\WINDOWS\system32\_004804_.tmp.dll
C:\WINDOWS\system32\_004805_.tmp.dll
C:\WINDOWS\system32\_004807_.tmp.dll
C:\WINDOWS\system32\_004808_.tmp.dll
C:\WINDOWS\system32\_004809_.tmp.dll
C:\WINDOWS\system32\_004810_.tmp.dll
C:\WINDOWS\system32\_004811_.tmp.dll
C:\WINDOWS\system32\_004812_.tmp.dll
C:\WINDOWS\system32\_004813_.tmp.dll
C:\WINDOWS\system32\_004814_.tmp.dll
C:\WINDOWS\system32\_004815_.tmp.dll
C:\WINDOWS\system32\_004817_.tmp.dll
C:\WINDOWS\system32\_004818_.tmp.dll
C:\WINDOWS\system32\_004819_.tmp.dll
C:\WINDOWS\system32\_004820_.tmp.dll
C:\WINDOWS\system32\_004822_.tmp.dll
C:\WINDOWS\system32\_004824_.tmp.dll
C:\WINDOWS\system32\_004825_.tmp.dll
C:\WINDOWS\system32\_004826_.tmp.dll
C:\WINDOWS\system32\_004827_.tmp.dll
C:\WINDOWS\system32\_004828_.tmp.dll
C:\WINDOWS\system32\_004829_.tmp.dll
C:\WINDOWS\system32\_004830_.tmp.dll
C:\WINDOWS\system32\_004832_.tmp.dll
C:\WINDOWS\system32\_004833_.tmp.dll
C:\WINDOWS\system32\_004834_.tmp.dll
C:\WINDOWS\system32\_004835_.tmp.dll
C:\WINDOWS\system32\_004836_.tmp.dll
C:\WINDOWS\system32\_004837_.tmp.dll
C:\WINDOWS\system32\_004838_.tmp.dll
C:\WINDOWS\system32\_004839_.tmp.dll
C:\WINDOWS\system32\_004841_.tmp.dll
C:\WINDOWS\system32\_004842_.tmp.dll
C:\WINDOWS\system32\_004843_.tmp.dll
C:\WINDOWS\system32\_004844_.tmp.dll
C:\WINDOWS\system32\_004845_.tmp.dll
C:\WINDOWS\system32\_004846_.tmp.dll
C:\WINDOWS\system32\_004847_.tmp.dll
C:\WINDOWS\system32\_004849_.tmp.dll
C:\WINDOWS\system32\_004850_.tmp.dll
C:\WINDOWS\system32\_004851_.tmp.dll
C:\WINDOWS\system32\_004852_.tmp.dll
C:\WINDOWS\system32\_004854_.tmp.dll
C:\WINDOWS\system32\_004856_.tmp.dll
C:\WINDOWS\system32\_004857_.tmp.dll
C:\WINDOWS\system32\_004858_.tmp.dll
C:\WINDOWS\system32\_004859_.tmp.dll
C:\WINDOWS\system32\_004860_.tmp.dll
C:\WINDOWS\system32\_004861_.tmp.dll
C:\WINDOWS\system32\_004862_.tmp.dll
C:\WINDOWS\system32\_004864_.tmp.dll
C:\WINDOWS\system32\_004865_.tmp.dll
C:\WINDOWS\system32\_004866_.tmp.dll
C:\WINDOWS\system32\_004867_.tmp.dll
C:\WINDOWS\system32\_004868_.tmp.dll
C:\WINDOWS\system32\_004869_.tmp.dll
C:\WINDOWS\system32\_004870_.tmp.dll
C:\WINDOWS\system32\_004871_.tmp.dll
C:\WINDOWS\system32\_004873_.tmp.dll
C:\WINDOWS\system32\_004874_.tmp.dll
C:\WINDOWS\system32\_004876_.tmp.dll
C:\WINDOWS\system32\_004878_.tmp.dll
C:\WINDOWS\system32\_004879_.tmp.dll
C:\WINDOWS\system32\_004883_.tmp.dll
C:\WINDOWS\system32\_004884_.tmp.dll
C:\WINDOWS\system32\_004886_.tmp.dll
C:\WINDOWS\system32\_004889_.tmp.dll
C:\WINDOWS\system32\_004891_.tmp.dll
C:\WINDOWS\system32\_004892_.tmp.dll
C:\WINDOWS\system32\_004893_.tmp.dll
C:\WINDOWS\system32\_004894_.tmp.dll
C:\WINDOWS\system32\_004897_.tmp.dll
C:\WINDOWS\system32\_004898_.tmp.dll
C:\WINDOWS\system32\_004899_.tmp.dll
C:\WINDOWS\system32\_004900_.tmp.dll
C:\WINDOWS\system32\_004901_.tmp.dll
C:\WINDOWS\system32\_004906_.tmp.dll
C:\WINDOWS\system32\_004908_.tmp.dll
C:\WINDOWS\system32\_007242_.tmp.dll
C:\WINDOWS\system32\_007243_.tmp.dll
C:\WINDOWS\system32\_007244_.tmp.dll
C:\WINDOWS\system32\_007245_.tmp.dll
C:\WINDOWS\system32\_007252_.tmp.dll
C:\WINDOWS\system32\_007253_.tmp.dll
C:\WINDOWS\system32\_007254_.tmp.dll
C:\WINDOWS\system32\_007255_.tmp.dll
C:\WINDOWS\system32\_007257_.tmp.dll
C:\WINDOWS\system32\_007258_.tmp.dll
C:\WINDOWS\system32\_007261_.tmp.dll
C:\WINDOWS\system32\_007262_.tmp.dll
C:\WINDOWS\system32\_007264_.tmp.dll
C:\WINDOWS\system32\_007265_.tmp.dll
C:\WINDOWS\system32\_007266_.tmp.dll
C:\WINDOWS\system32\_007268_.tmp.dll
C:\WINDOWS\system32\_007271_.tmp.dll
C:\WINDOWS\system32\_007272_.tmp.dll
C:\WINDOWS\system32\_007276_.tmp.dll
C:\WINDOWS\system32\_007277_.tmp.dll
C:\WINDOWS\system32\_007279_.tmp.dll
C:\WINDOWS\system32\_007282_.tmp.dll
C:\WINDOWS\system32\_007284_.tmp.dll
C:\WINDOWS\system32\_007285_.tmp.dll
C:\WINDOWS\system32\_007286_.tmp.dll
C:\WINDOWS\system32\_007287_.tmp.dll
C:\WINDOWS\system32\_007288_.tmp.dll
C:\WINDOWS\system32\_007291_.tmp.dll
C:\WINDOWS\system32\_007292_.tmp.dll
C:\WINDOWS\system32\_007293_.tmp.dll
C:\WINDOWS\system32\_007294_.tmp.dll
C:\WINDOWS\system32\_007295_.tmp.dll
C:\WINDOWS\system32\_007300_.tmp.dll
C:\WINDOWS\system32\_007302_.tmp.dll
C:\WINDOWS\system32\_007303_.tmp.dll
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\userini.exe

.
((((((((((((((((((((((((( Files Created from 2008-07-15 to 2008-08-15 )))))))))))))))))))))))))))))))
.

2008-08-14 22:10 . 2008-08-14 22:10 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint
2008-08-14 22:09 . 2008-08-14 22:09 <DIR> d-------- C:\Program Files\Microsoft IntelliType Pro
2008-08-14 22:06 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-08-14 22:06 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-08-14 22:06 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-08-14 22:06 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-08-14 22:06 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-08-14 22:06 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-08-14 22:06 . 2001-08-17 14:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-08-14 22:06 . 2001-08-17 14:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-08-13 01:23 . 2008-08-13 01:23 142 --a------ C:\WINDOWS\system32\drivers\pxfsf.dat
2008-08-12 12:34 . 2008-08-12 12:34 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-12 12:34 . 2008-07-30 20:15 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-12 12:34 . 2008-07-30 20:15 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-11 16:15 . 2007-03-29 07:56 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-08-11 16:15 . 2007-03-29 07:56 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-08-11 16:00 . 2008-08-11 16:00 <DIR> d-------- C:\Documents and Settings\user\Application Data\PrevxCSI
2008-08-11 15:45 . 2008-08-13 20:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2008-08-11 15:35 . 2001-08-17 13:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-08-11 15:34 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-08-11 15:33 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-08-11 15:32 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-08-11 15:31 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-08-11 15:30 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-08-11 15:29 . 2001-08-17 12:50 198,144 --a--c--- C:\WINDOWS\system32\dllcache\nv3.sys
2008-08-11 15:28 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys
2008-08-11 15:27 . 2001-08-17 22:36 242,176 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-08-11 15:27 . 2001-09-06 16:54 47,066 --a--c--- C:\WINDOWS\system32\dllcache\ksc.nls
2008-08-11 15:27 . 2001-08-17 22:36 45,568 --a--c--- C:\WINDOWS\system32\dllcache\kdsui.dll
2008-08-11 15:27 . 2001-08-17 22:36 37,376 --a--c--- C:\WINDOWS\system32\dllcache\kousd.dll
2008-08-11 15:27 . 2004-08-03 22:59 34,688 --a--c--- C:\WINDOWS\system32\dllcache\lbrtfdc.sys
2008-08-11 15:27 . 2001-08-17 12:12 26,442 --a--c--- C:\WINDOWS\system32\dllcache\lanepic5.sys
2008-08-11 15:27 . 2001-08-17 12:12 19,016 --a--c--- C:\WINDOWS\system32\dllcache\ktc111.sys
2008-08-11 15:27 . 2001-08-17 22:36 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2008-08-11 15:27 . 2001-08-17 22:36 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
2008-08-11 15:24 . 2004-08-04 00:56 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2008-08-11 15:23 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-08-11 15:22 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-08-11 15:21 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-08-11 15:20 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-08-11 15:19 . 2001-08-17 14:05 314,752 --a--c--- C:\WINDOWS\system32\dllcache\camdro21.sys
2008-08-11 14:16 . 2008-08-12 00:19 <DIR> d-------- C:\Program Files\AutoStreamer
2008-08-11 14:10 . 2001-09-06 16:53 180,770 --a--c--- C:\WINDOWS\system32\dllcache\c_20932.nls
2008-08-11 14:09 . 2001-09-06 16:53 189,986 --a--c--- C:\WINDOWS\system32\dllcache\c_1361.nls
2008-08-11 14:08 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-08-11 14:07 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-08-11 14:06 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-08-11 13:40 . 2008-08-11 13:40 <DIR> d-------- C:\Deckard
2008-08-11 11:19 . 2008-08-11 12:49 <DIR> d-------- C:\Program Files\Panda Security
2008-08-11 00:28 . 2008-08-11 00:28 <DIR> d-------- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-08-11 00:28 . 2008-08-11 00:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-11 00:04 . 2004-08-04 00:56 221,696 --a--c--- C:\WINDOWS\system32\dllcache\seo.dll
2008-08-11 00:04 . 2004-08-04 00:56 189,440 --a--c--- C:\WINDOWS\system32\dllcache\smtpadm.dll
2008-08-11 00:04 . 2004-08-04 00:56 10,752 --------- C:\WINDOWS\system32\smtpapi.dll
2008-08-11 00:04 . 2004-08-04 00:56 10,752 --a--c--- C:\WINDOWS\system32\dllcache\smtpapi.dll
2008-08-11 00:04 . 2004-08-04 00:56 9,728 --------- C:\WINDOWS\system32\rwnh.dll
2008-08-11 00:04 . 2004-08-04 00:56 9,728 --a--c--- C:\WINDOWS\system32\dllcache\rwnh.dll
2008-08-11 00:02 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\000001_.tmp
2008-08-10 21:50 . 2007-02-28 04:08 2,136,064 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-08-10 17:36 . 2008-08-10 17:36 88 --a------ C:\WINDOWS\wininit.ini
2008-08-10 16:21 . 2008-08-10 16:21 172 --a------ C:\WINDOWS\el.ini
2008-07-26 02:55 . 2008-07-26 02:55 <DIR> d-------- C:\Program Files\Broderbund
2008-07-26 02:55 . 2008-07-26 02:55 <DIR> d-------- C:\Documents and Settings\user\Application Data\Broderbund
2008-07-26 02:55 . 2008-07-26 02:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Broderbund
2008-07-24 23:25 . 2008-07-24 23:25 <DIR> d-------- C:\Downloads
2008-07-24 19:16 . 1999-03-06 03:55 57,344 --a------ C:\WINDOWS\Uninstaller.exe
2008-07-24 00:17 . 2008-07-24 00:17 3,120 --a------ C:\WINDOWS\YVAJ3BDH.ocx
2008-07-24 00:17 . 2008-07-24 00:17 3,120 --a------ C:\WINDOWS\system32\SBE48W62.ocx
2008-07-24 00:16 . 2008-07-24 00:16 <DIR> d-------- C:\Program Files\Common Files\DiskTrix
2008-07-24 00:03 . 2008-07-29 10:42 <DIR> d-------- C:\Program Files\UltimateDefrag
2008-07-18 00:56 . 2008-04-14 05:42 354,304 --a------ C:\WINDOWS\system32\SET1245.tmp
2008-07-18 00:56 . 2008-04-14 05:40 177,152 --a------ C:\WINDOWS\system32\SET1278.tmp
2008-07-18 00:56 . 2008-04-14 05:42 80,896 --a------ C:\WINDOWS\system32\SET1240.tmp
2008-07-18 00:56 . 2008-04-14 05:42 75,776 --a------ C:\WINDOWS\system32\SET1250.tmp
2008-07-18 00:56 . 2008-04-14 05:41 24,576 --a------ C:\WINDOWS\system32\SET129C.tmp
2008-07-18 00:56 . 2008-04-14 05:42 15,872 --a------ C:\WINDOWS\system32\SET1249.tmp
2008-07-18 00:56 . 2008-04-14 05:42 6,656 --a------ C:\WINDOWS\system32\SET123D.tmp
2008-07-18 00:52 . 2008-04-14 05:42 471,552 --a------ C:\WINDOWS\system32\SET832.tmp
2008-07-18 00:52 . 2008-04-14 05:41 95,744 --a------ C:\WINDOWS\system32\SET838.tmp
2008-07-18 00:50 . 2008-04-14 05:42 2,843,136 --a------ C:\WINDOWS\system32\SET529.tmp
2008-07-18 00:49 . 2008-04-14 05:42 8,461,312 --a------ C:\WINDOWS\system32\SET371.tmp
2008-07-18 00:47 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\004026_.tmp
2008-07-18 00:42 . 2004-08-04 01:00 71,040 --------- C:\WINDOWS\system32\drivers\_004740_.tmp.dll
2008-07-17 23:47 . 2004-08-04 01:00 71,040 --------- C:\WINDOWS\system32\drivers\_004748_.tmp.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-15 16:14 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-08-15 05:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-15 02:33 --------- d-----w C:\Documents and Settings\user\Application Data\uTorrent
2008-08-13 03:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-12 19:17 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2008-08-12 19:17 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2008-08-11 17:50 --------- d-----w C:\Program Files\Viewpoint
2008-08-11 17:50 --------- d-----w C:\Documents and Settings\user\Application Data\Viewpoint
2008-08-11 17:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-08-11 05:07 --------- d-----w C:\Program Files\Ad-Aware SE Personal
2008-08-10 21:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-10 21:39 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-08 17:04 --------- d-----w C:\Documents and Settings\user\Application Data\Hoyle Card Games
2008-08-06 06:54 --------- d-----w C:\Documents and Settings\user\Application Data\Hoyle Blackjack
2008-08-04 05:25 --------- d-----w C:\Documents and Settings\user\Application Data\Hoyle Puzzle and Board Games
2008-08-04 04:26 --------- d-----w C:\Program Files\Encore
2008-08-01 12:42 --------- d-----w C:\Program Files\Google
2008-07-31 12:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-31 12:46 --------- d-----w C:\Program Files\LimeWire
2008-07-31 12:43 --------- d-----w C:\Program Files\Java
2008-07-31 12:34 --------- d-----w C:\Program Files\Sierra
2008-07-31 12:29 --------- d-----w C:\Program Files\ArcSoft
2008-07-31 12:25 --------- d-----w C:\Program Files\uTorrent
2008-07-29 21:51 --------- d-----w C:\Program Files\Common Files\Nikon
2008-07-29 21:51 --------- d-----w C:\Documents and Settings\user\Application Data\Nikon
2008-07-25 02:21 --------- d-----w C:\Program Files\IsoBuster
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-17 21:05 22 ----a-w C:\Documents and Settings\All Users\Application Data\ReturnCounter.dat
2007-02-22 06:59 189,760 ----a-w C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
2007-02-02 06:35 87,608 ----a-w C:\Documents and Settings\user\Application Data\ezpinst.exe
2007-02-02 06:35 47,360 ----a-w C:\Documents and Settings\user\Application Data\pcouffin.sys
2000-06-05 23:47 32,768 -c--a-w C:\Program Files\mozilla firefox\plugins\AppSub32.dll
2004-10-16 18:16 56 --sh--r C:\WINDOWS\system32\0FA0CD486F.sys
2004-10-16 18:16 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"WeatherEye"="C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe" [2008-05-30 14:45 4501912]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-30 14:45 1829712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 13:52 339968]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 15:46 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 16:04 40960]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 09:16 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 10:34 851968]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 09:21 48752]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2005-06-23 19:27 85696]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 20:08 813912]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 20:09 842584]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 13:54 65536 C:\WINDOWS\SOUNDMAN.EXE]

C:\Documents and Settings\user\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
Event Reminder.lnk - C:\Program Files\PrintMaster\PMREMIND.EXE [1998-06-06 10:33:30 325632]
MRU-Blaster Scheduler.lnk - C:\Program Files\MRU-Blaster\scheduler.exe [2003-07-19 16:48:42 118784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2005-02-17 00:19:11 819200]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispAppearancePage"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 14:13 49152 C:\PROGRA~1\COMMON~1\stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm
"msacm.l3codec"= l3codecp.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli scecli scecli

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=C:\WINDOWS\pss\NkbMonitor.exe.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Explorer]
--a------ 2008-06-23 04:20 625664 C:\Program Files\Internet Explorer\iexplore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QD FastAndSafe]
--a------ 2008-06-23 04:20 625664 C:\Program Files\Internet Explorer\iexplore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2003-06-25 00:18 868352 C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
--a------ 2003-05-01 18:44 65536 C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a--c--- 2005-01-29 17:32 12598440 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2005-02-24 11:57 2506752 C:\Program Files\Yahoo!\Messenger\YPager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"C:\WINDOWS\system32\kdykd.exe"=C:\WINDOWS\system32\kdykd.exe
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\UltimateDefrag\\UDefrag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:auth.keyhole.com

S3 ATICXCAP;ATI TV Wonder Pro A/V Capture;C:\WINDOWS\system32\drivers\aticxcap.sys [2003-04-08 08:47]
S3 ATICXTUN;ATI TV Wonder Pro Tuner (Philips 1236 MK3);C:\WINDOWS\system32\drivers\aticxtun.sys [2003-04-08 08:47]
S3 ATICXXBR;ATI TV Wonder Pro A/V Crossbar;C:\WINDOWS\system32\drivers\aticxxbr.sys [2003-04-08 08:47]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 06:27]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 05:28]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B0D039E0-C6F0-CC70-A44C-B49BC97A72AA}]
C:\WINDOWS\system32\My_Server.exe
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-RunOnce-POSTRBT - C:\Program Files\Norton SystemWorks\Norton AntiVirus\Navw32.exe
Notify-dimsntfy - (no file)
Notify-WgaLogon - (no file)
MSConfigStartUp-kdykd - C:\WINDOWS\system32\kdykd.exe
MSConfigStartUp-SMrhctbaj0e7fn - C:\Program Files\rhctbaj0e7fn\rhctbaj0e7fn.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\lo9iwjxo.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-15 11:16:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\COMMON~1\stardock\SDMCP.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-08-15 11:23:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-15 16:23:00

Pre-Run: 29,861,728,256 bytes free
Post-Run: 29,668,229,120 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

546 --- E O F --- 2008-08-13 03:14:22

___________________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 11:31:49 AM, on 8/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MRU-Blaster\scheduler.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Event Reminder.lnk = C:\Program Files\PrintMaster\PMREMIND.EXE
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.casharrives365.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1094708655453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1129180172375
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} -
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.walmartphotocentre.ca/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} -
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://tgs.gov.mb.ca/roadinfo/help/downLoadIE/Acgm.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VideoAcceleratorEngine - Unknown owner - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)
y2jericho is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-15-2008, 08:23 PM   #5 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,580
OS: WinXP and Vista


Re: Slow Internet Explorer and Folder Browsing
Quote:
After running combofix, The same problems as my original post still exist.
We're getting there.

Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% -(Drive that contains the Windows Directory, typically C:\SDFix). Do not run it yet.

----------------------------------------------------------------

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
When the PC restarts, the Fixtool will run again and complete the removal process then display Finished.
  • Press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt I'll need that in your next reply.

--------------------------------------------------------------------

From Normal Mode...


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Open notepad and copy/paste the text in the quote box below into it:


Quote:

http://www.techsupportforum.com/security-center/hijackthis-log-help/279296-slow-internet-explorer-folder-browsing.html

Collect::
C:\WINDOWS\000001_.tmp
C:\WINDOWS\el.ini
C:\WINDOWS\004026_.tmp
C:\WINDOWS\system32\drivers\_004740_.tmp.dll
C:\WINDOWS\system32\drivers\_004748_.tmp.dll

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"C:\WINDOWS\system32\kdykd.exe"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B0D039E0-C6F0-CC70-A44C-B49BC97A72AA}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNM]
O15 - Trusted Zone: http://www.casharrives365.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} -
Save this as "CFScript.txt", and as Type: All Files (*.*)
in the same location as ComboFix.exe





Refering to the picture above, drag CFScript into ComboFix.exe


When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
  • A browser will open.
  • Simply follow the instructions to copy/paste/send the requested file.
----------------------------------------------------------------

Please include the following in your next reply:

C:\SDFix\Report.txt
C:\ComboFix.txt
Update on system behavior
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Last edited by Ried; 08-15-2008 at 08:41 PM.
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-15-2008, 10:13 PM   #6 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 8
OS: XP SP2


Re: Slow Internet Explorer and Folder Browsing
Hi Ried,

The same problems still occur and I noticed now that my antivirus program doesn't load at startup anymore since following your instruction.

I know it's still a work in progress. Thanks for the continued help. Attached are the reports you requested and the file from combofix was successfully sent to bleepingcomputer.
Attached Files
File Type: txt ComboFix.txt (20.3 KB, 2 views)
File Type: txt Report.txt (5.4 KB, 1 views)
y2jericho is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-15-2008, 11:14 PM   #7 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,580
OS: WinXP and Vista


Re: Slow Internet Explorer and Folder Browsing
Files received, thank you. You may delete the [4]-Submit_2008-08-15@22.50.zip folder from your desktop.

I see Norton running in your logs. When did Norton stop loading at startup? During the first run of ComboFix, or this last one?


It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/par...avwebscan.html

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.



  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------

Run a new scan with HijackThis and save the log.

---------------------------------------------------------------

Please include the following in your next reply:

Kaspersky results
New HijackThis log
Update on system behavior
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-17-2008, 12:15 AM   #8 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 8
OS: XP SP2


Re: Slow Internet Explorer and Folder Browsing
Hi Ried,

Symantec Antivirus (not Norton) stopped loading at startup after the first run of combofix and anytime I right-click on any file (or folder), windows installer tries to install Symantec Antivirus but ends up failing and then the right click menu finally shows up.

The CPU usage still spikes to about 76% (highest I've seen so far) and lags for about 5-6 seconds only when using Internet Explorer or browsing through folders via My Computer. However, I've tried to browse folders using Firefox and CPU usage and speed are normal.

Sorry for the slow reply but the Kaspersky scan took over 11 hours to complete.

Attached are the logs.

Thank you again for your continued help.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, August 17, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, August 16, 2008 17:09:48
Records in database: 1098609
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Files scanned: 105596
Threat name: 9
Infected objects: 13
Suspicious objects: 0
Duration of the scan: 11:08:55


File name / Threat name / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\018519E2.anr Infected: Trojan-Downloader.Win32.Ani.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\018E17D7.cla Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\019241D3.exe Infected: Trojan-Downloader.Win32.Small.on 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F614F3C.ocx Infected: not-a-virus:AdWare.Win32.MediaTickets.w 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60D55114.tmp Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\All Users\Documents\MISC\WPatcherP5575987.rar Infected: not-a-virus:PSWTool.Win32.RAS.g 1
C:\Documents and Settings\All Users\Documents\MISC\WPatcherP5575987.rar Infected: not-a-virus:PSWTool.Win32.RAS.a 1
C:\Documents and Settings\user\Desktop\MISC\Download_Accelerator_(DAP)_v7[1].2.zip Infected: not-a-virus:AdWare.Win32.Dap.f 1
C:\Documents and Settings\user\Desktop\MISC\KeyFinder.zip Infected: not-a-virus:PSWTool.Win32.RAS.a 2
C:\Documents and Settings\user\Local Settings\Application Data\Identities\{58CD0159-8572-4A11-B44D-112FEA900428}\Microsoft\Outlook Express\Sent Items.dbx Infected: not-a-virus:PSWTool.Win32.RAS.g 1
C:\Documents and Settings\user\Local Settings\Application Data\Identities\{58CD0159-8572-4A11-B44D-112FEA900428}\Microsoft\Outlook Express\Sent Items.dbx Infected: not-a-virus:PSWTool.Win32.RAS.a 1
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1

The selected area was scanned.


Logfile of HijackThis v1.99.1
Scan saved at 12:59:26 AM, on 8/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Event Reminder.lnk = C:\Program Files\PrintMaster\PMREMIND.EXE
O4 - Startup: MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: http://www.casharrives365.com
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1094708655453
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1129180172375
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} -
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://www.walmartphotocentre.ca/activex/PCAXSetup.cab?
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} -
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://tgs.gov.mb.ca/roadinfo/help/downLoadIE/Acgm.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: VideoAcceleratorEngine - Unknown owner - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe (file missing)
Attached Files
File Type: txt Kaspersky.txt (2.4 KB, 1 views)
File Type: txt hijackthislog.txt (10.0 KB, 1 views)
Last edited by Ried; 08-17-2008 at 07:55 PM.
y2jericho is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-17-2008, 09:33 AM   #9 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,580
OS: WinXP and Vista


Re: Slow Internet Explorer and Folder Browsing
All Symantec entries that were in your first HijackThis log, are still present.

Quote:


Running processes
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe


O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
I did notice that in your second post, dss.exe main.txt, this entry appeared:

Quote:
O4 - HKUS\S-1-5-18\..\RunOnce: [POSTRBT] C:\Program Files\Norton SystemWorks\Norton AntiVirus\Navw32.exe /REMEDIATE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [POSTRBT] C:\Program Files\Norton SystemWorks\Norton AntiVirus\Navw32.exe /REMEDIATE (User 'Default user')
Quote:
Logfile of HijackThis v1.99.1
Scan saved at 12:52:44 PM, on 8/11/2008


DSS Scan saved at 2008-08-11 13:42:25
There was an hour or so between you running HijackThis.exe, and then dss.exe. Do you recall what happened in that hour?

Is this file present on your system C:\Program Files\Norton SystemWorks\Norton AntiVirus\Navw32.exe
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-17-2008, 11:03 AM   #10 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 8
OS: XP SP2


Re: Slow Internet Explorer and Folder Browsing
Hi Ried,

I think I was away from the computer within that hour and then when I came back ran dss.

Navw32.exe doesn't exist on my computer nor do the folders in program files. I used to have Norton SystemWorks but uninstalled it in 2005 via add/remove programs and then installed Symantec Antivirus Corporate Edition.

I do remember right-clicking on the Antivirus Shield in the tray to disable it when you needed me to do the very first combofix. It hasn't shown up in the tray since but I've disabled it before, restarted the computer, and it still showed up in the tray disabled before.
y2jericho is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-17-2008, 11:06 AM   #11 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,580
OS: WinXP and Vista


Re: Slow Internet Explorer and Folder Browsing
I've checked the deletions done by ComboFix and none of them have anything to do with Symantec AV.

Does the Corporate Edition give you an option to Repair the installation?

If not, uninstall, reboot, then reinstall it.

Please let me know how that worked for you.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-17-2008, 11:58 AM   #12 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 8
OS: XP SP2


Re: Slow Internet Explorer and Folder Browsing
Hi Ried,

I tried to repair Antivirus but something interrupted the process and it cancelled. I then went to uninstall it via add/remove programs. I just happened to notice that there were 2 Spybot S&D installed. Once my computer was infected, I remember updating S&D first before scanning with it. It said that there was a new version available do I want to install it and I chose yes. It must have installed overtop the original S&D version so I just uninstalled both S&D along with the Antivirus and what do you know I restart the PC and everything is back to normal speed! I just installed Antivirus again and my shield is back!

Thank you so much for your time and patience with me.

That recovery tool is still showing up at bootup so I'm sure there are still a few things I need to do before we are done here so I'll be awaiting your next reply.
y2jericho is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-17-2008, 08:15 PM   #13 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,580
OS: WinXP and Vista


Re: Slow Internet Explorer and Folder Browsing
I'm glad you figured it out.


As per the Kaspersky results, delete the following files:

C:\Documents and Settings\All Users\Documents\MISC\WPatcherP5575987.rar
C:\Documents and Settings\user\Desktop\MISC\Download_Accelerator_(DAP)_v7[1].2.zip
C:\Documents and Settings\user\Desktop\MISC\KeyFinder.zip

--------------------------------------------

Empty your Norton Quarantine folder.

--------------------------------------------

Regarding the Recovery Tool you see at boot up, you want to keep the Recovery Console installed. While it may not be needed at this time, infections these days tend to patch a lot of critical system files which often result in multiple problems, one of which can be an unbootable machine. Having Window's Recovery Console installed on your machine in advance can save a lot of heartache in the future.

For more information about the Recovery Console and how to use it, see this link

--------------------------------------------

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

The following procedure will clear out the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /u

--------------------------------------------------------------------


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 4.0 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.
  • It will block any bad ActiveX from running in Internet Explorer and Firefox if it's listed in their database (which you should update frequently). To view their database and list of restricted sites, launch the program and click on each of the tabs on the main display page.

IESpyAD Zoned Out to block access to malicious websites so you cannot be redirected to them from an infected site or email. This severely impairs attempts to infect your system as it basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.


Update, and scan with your onboard Anti Malware and Anti Virus programs regularly. Without regular updates you will not be protected when new malicious programs are released.


In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?
Think Prevention


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

**Kindly respond one more time and let me know if we may consider this thread resolved.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-17-2008, 09:31 PM   #14 (permalink)
Registered User
 
Join Date: Aug 2008
Posts: 8
OS: XP SP2


Re: Slow Internet Explorer and Folder Browsing
Hi Ried,

Thank you so much for taking the time to help. It is much appreciated.

You can definitely consider this thread resolved.

Cheers!
y2jericho is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 08-17-2008, 09:35 PM   #15 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,580
OS: WinXP and Vista


Re: Slow Internet Explorer and Folder Browsing
You're most welcome, y2jericho.


Take care.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 02:54 PM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85