Unsolved

April 13th, 2009 00:00

very slow internet would like some help please

My internet was running normally, then it's like it hit a brick wall: every single web page started running very slow, even Yahoo and Google, and those are fast sites. I do not know what the problem may be. I have Spybot and Malwarebytes; neither of them picked up a thing. I also got that program Advanced SystemCare; I don't know if that has anything to do with the problem. I use McAfee as my firewall. Here's my log, hopefully you find something.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:01:00 AM, on 4/13/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\aol\1183087736\ee\aolsoftware.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\deonarine\AppData\Local\rindelnk\rindelnk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\AOL 9.1\shellmon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1183087736\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [rindelnk] "C:\Users\deonarine\AppData\Local\rindelnk\rindelnk.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{78CE155D-5935-46A0-909B-4292F354B38C}: NameServer = 24.29.103.15,24.29.103.16
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9727 bytes
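The helpers in this thread read logs like the one above by hand. As an added example (not HijackThis, DDS, or any tool the forum helpers use), here is a small Python triage script that applies a few analyst heuristics to HijackThis-style lines: entries whose target file is gone, autoruns that launch from user-writable profile folders, explicit DNS server settings, a populated AppInit_DLLs value, and hosts-file overrides of non-loopback names. The sample lines are copied from the log above; the heuristics are the editor's assumptions and only rank entries for a human to review, they are not verdicts.

```python
"""Triage helper for HijackThis-style log lines.

Added example for this thread: it is not HijackThis, DDS, or anything the
forum helpers use. The heuristics are the editor's own; they rank entries
for a human to review and are not verdicts of malware.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input constructed from lines of the HijackThis log in the first post.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [rindelnk] "C:\Users\deonarine\AppData\Local\rindelnk\rindelnk.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{78CE155D-5935-46A0-909B-4292F354B38C}: NameServer = 24.29.103.15,24.29.103.16
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
"""


@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "O4"
    reason: str   # why the entry merits a second look
    line: str     # the original log line


# "O4 - <body>", "R1 - <body>", ... : section code, separator, rest of line.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Locations a standard user can write to. An autorun launching from here
# deserves more scrutiny than one under Program Files (editor's heuristic).
USER_WRITABLE = re.compile(
    r"\\(users|documents and settings)\\|\\appdata\\|\\temp\\", re.IGNORECASE
)


def parse_line(text: str) -> Optional[Tuple[str, str]]:
    """Split one log line into (section code, body); None for non-entry lines."""
    m = ENTRY_RE.match(text.strip())
    return (m.group(1), m.group(2)) if m else None


def triage_line(text: str) -> List[Finding]:
    """Return the findings for a single HijackThis-style line (possibly none)."""
    parsed = parse_line(text)
    if parsed is None:
        return []
    section, body = parsed
    body_lc = body.lower()
    findings: List[Finding] = []

    # Orphaned entries: the registry still points at a component that is gone.
    if "(no file)" in body_lc or "(file missing)" in body_lc:
        findings.append(Finding(section, "target file missing (orphaned entry)", text))

    # O1: hosts-file lines. "::1 localhost" and "127.0.0.1 localhost" are normal;
    # anything else redirects a name and should be explained.
    if section == "O1":
        fields = body.partition(":")[2].split()   # "Hosts: ::1 localhost" -> ["::1", "localhost"]
        names = fields[1:]
        if any(n.lower() != "localhost" for n in names):
            findings.append(Finding(section, "hosts file redirects a non-loopback name", text))

    # O4: registry autoruns. Flag those launching from user-writable locations.
    if section == "O4" and USER_WRITABLE.search(body):
        findings.append(Finding(section, "autorun launches from a user-writable location", text))

    # O17: explicit DNS servers. Confirm with the ISP rather than trusting the log.
    if section == "O17":
        findings.append(Finding(section, "DNS servers set explicitly; confirm they belong to the ISP", text))

    # O20: AppInit_DLLs is loaded into every process that uses user32.dll.
    if section == "O20" and body_lc.startswith("appinit_dlls:") and body.partition(":")[2].strip():
        findings.append(Finding(section, "AppInit_DLLs loads this DLL into every process; confirm the publisher", text))

    return findings


def triage_log(log: str) -> List[Finding]:
    """Run triage_line over every line of a pasted log and collect the findings."""
    findings: List[Finding] = []
    for line in log.splitlines():
        findings.extend(triage_line(line))
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line.strip()}")
```

On the sample above the script reports five entries: the nameless BHO and the Symantec service whose files are missing, the HKCU autorun under the user's AppData folder, the explicit NameServer value, and the AppInit_DLLs entry. The McAfee and iTunes lines and the `::1 localhost` hosts entry pass through untouched, which is the point: the output is a short list for a human to check against the machine's history, not a cleaning script.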

23 Posts

April 13th, 2009 09:00

My computer now says it can't find an antivirus. I have McAfee and it says I have spyware and other malware protection. Don't know what that means.

Maybe something is blocking it.

23 Posts

April 13th, 2009 10:00

My computer is missing antivirus protection for some reason.

20.5K Posts

April 13th, 2009 11:00

Please see if you can update MBAM (Update Tab) and run another scan. Please post that log. Thanks.

20.5K Posts

April 13th, 2009 12:00

I don't know what Stopzilla picked up. I hope it did not delete some component of McAfee.
We need to see some additional information about what is happening in your machine.

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • Click Yes at the prompt for Optional Scan.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt

  • Save both reports to your desktop.
  • Copy/paste both logs to your reply on the forum.
  • Close the program window, and delete the program from your desktop.
  • Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE.

23 Posts

April 13th, 2009 12:00

I just went and got a 1 year subscription with Stopzilla and it picked up a whole bunch of junk, so I got rid of it. But my computer still says I'm missing malware protection even though I've got McAfee. Maybe it's a virus blocking it, I don't know, maybe you do. Anyways, this is my MBAM log.

Malwarebytes' Anti-Malware 1.36
Database version: 1976
Windows 6.0.6001 Service Pack 1

4/13/2009 1:57:37 PM
mbam-log-2009-04-13 (13-57-37).txt

Scan type: Quick Scan
Objects scanned: 66652
Time elapsed: 4 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

20.5K Posts

April 13th, 2009 13:00

Please remove P2P programs. The nature of such software and the high incidence of malware in files downloaded with them is counterproductive to restoring your PC to a healthy state. That includes BitTorrent and similar programs. There is a list HERE.

Let me know after you have done that.


23 Posts

April 13th, 2009 13:00

Here are the logs, first the DDS:


DDS (Ver_09-03-16.01) - NTFSx86 
Run by deonarine at 14:58:57.63 on Mon 04/13/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.2045.887 [GMT -4:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\aol\1183087736\ee\aolsoftware.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\deonarine\AppData\Local\rindelnk\rindelnk.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Users\deonarine\Desktop\dds.pif

============== Pseudo HJT Report ===============

uWindow Title = Internet Explorer provided by Dell
uStart Page = hxxp://www.aol.com/
uSearch Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/
mDefault_Search_URL = hxxp://www.google.com/
mSearch Page = hxxp://www.google.com/
mSearch Bar = hxxp://www.google.com/
mSearchMigratedDefaultURL = hxxp://www.google.com/
mSearchURL = hxxp://www.google.com/
mSearchAssistant = hxxp://www.google.com/
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\SZSG.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\SZSG.dll
uRun: [rindelnk] "c:\users\deonarine\appdata\local\rindelnk\rindelnk.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b
mRun: [HostManager] c:\program files\common files\aol\1183087736\ee\AOLSoftware.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AIM Toolbar Search - c:\programdata\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} - hxxp://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
TCP: {78CE155D-5935-46A0-909B-4292F354B38C} = 24.29.103.15,24.29.103.16
TCP: {8AFA04B5-D0CC-483F-BA0E-88DF01D664A5} = 205.188.146.145
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\deonar~1\appdata\roaming\mozilla\firefox\profiles\dbv4twat.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://www14.yoog.com/search.php?q=
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.11);user_pref(general.useragent.extra.zencast,
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www14.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true

============= SERVICES / DRIVERS ===============

R0 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-3-12 54656]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-8-22 1153368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-1-7 24652]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-7-31 84832]
S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\drivers\athru6.sys [2007-7-5 873472]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2008-7-28 20608]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-6-22 29744]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2008-7-10 36928]

============== File Associations ===============

regfile=regedit.exe "%1" %*

=============== Created Last 30 ================

2009-04-13 13:55 96 a------- c:\windows\system32\drivers\kgpfr2.cfg
2009-04-13 13:05 1,696 a------- c:\windows\system32\drivers\kgpcpy.cfg
2009-04-13 12:06   --d----- c:\programdata\SITEguard
2009-04-13 12:06   --d----- c:\progra~2\SITEguard
2009-04-13 12:05   --d----- c:\program files\STOPzilla!
2009-04-13 12:05   --d----- c:\program files\common files\iS3
2009-04-13 12:05   --d----- c:\programdata\STOPzilla!
2009-04-13 12:05   --d----- c:\progra~2\STOPzilla!
2009-04-09 09:46 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-04-09 09:46 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-09 09:45   --d----- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-09 09:45   --d----- c:\program files\iTunes
2009-04-09 09:45   --d----- c:\progra~2\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-06 14:41   --dsh--- C:\found.000
2009-04-05 00:20   --d----- c:\users\deonar~1\appdata\roaming\IObit
2009-04-05 00:19   --d----- c:\program files\IObit
2009-03-31 15:28   --d----- c:\program files\KOEI
2009-03-31 14:57 17,408 a----r-- c:\windows\system32\SZIO5.dll
2009-03-31 14:56 294,912 a----r-- c:\windows\system32\SZBase5.dll
2009-03-31 14:55 540,672 a----r-- c:\windows\system32\SZComp5.dll
2009-03-30 22:07   --d----- c:\users\deonar~1\appdata\roaming\DAEMON Tools Pro
2009-03-30 22:07   --d----- c:\programdata\DAEMON Tools Lite
2009-03-30 22:07   --d----- c:\progra~2\DAEMON Tools Lite
2009-03-30 22:06   --d----- c:\users\deonar~1\appdata\roaming\DAEMON Tools Lite
2009-03-30 13:02 338,304 a------- c:\windows\system32\_AxShlEx.dll
2009-03-27 10:56 126,976 a----r-- c:\windows\system32\IS3HTUI5.dll
2009-03-27 10:55 393,216 a----r-- c:\windows\system32\IS3DBA5.dll
2009-03-27 10:55 372,736 a----r-- c:\windows\system32\IS3UI5.dll
2009-03-27 10:55 61,440 a----r-- c:\windows\system32\IS3Hks5.dll
2009-03-27 10:54 23,040 a----r-- c:\windows\system32\IS3XDat5.dll
2009-03-27 10:54 221,184 a----r-- c:\windows\system32\IS3Win325.dll
2009-03-27 10:54 94,208 a----r-- c:\windows\system32\IS3Inet5.dll
2009-03-27 10:53 90,112 a----r-- c:\windows\system32\IS3Svc5.dll
2009-03-27 10:50 716,800 a----r-- c:\windows\system32\IS3Base5.dll
2009-03-26 15:23 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-26 15:23 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-03-24 17:29 2,560 a------- c:\windows\_MSRSTRT.EXE
2009-03-20 18:52 385,024 a------- c:\windows\onfl84583.exe
2009-03-20 18:52   --d----- c:\program files\IEToolbar
2009-03-20 18:52 202,376 a------- c:\windows\sdbmw4466.exe
2009-03-18 22:15   --d----- c:\program files\Alcohol Soft
2009-03-18 22:12 717,296 a------- c:\windows\system32\drivers\sptd.sys

==================== Find3M  ====================

2009-04-09 09:44 143,360 a------- c:\windows\inf\infstrng.dat
2009-04-09 09:44 86,016 a------- c:\windows\inf\infstor.dat
2009-04-09 09:44 51,200 a------- c:\windows\inf\infpub.dat
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-12 12:18 54,656 a----r-- c:\windows\system32\drivers\SZKG.sys
2009-02-08 23:10 2,033,152 a------- c:\windows\system32\win32k.sys
2009-02-06 19:52 49,504 a------- c:\windows\system32\sirenacm.dll
2009-01-15 02:11 827,392 a------- c:\windows\system32\wininet.dll
2008-12-03 10:59 174 a--sh--- c:\program files\desktop.ini
2008-12-03 10:49 665,600 a------- c:\windows\inf\drvindex.dat
2008-07-14 21:53 4,244 a------- c:\users\deonar~1\appdata\roaming\wklnhst.dat
2008-02-09 16:54 262,144 a------- c:\progra~2\ntuser.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-06-22 21:01 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 14:59:59.12 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 6/22/2007 1:07:30 PM
System Uptime: 4/13/2009 1:04:43 PM (1 hours ago)

Motherboard: Dell Inc.           |  | 0WG864
Processor: Intel(R) Core(TM)2 CPU          6320  @ 1.86GHz | Microprocessor | 1862/1066mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 288 GiB total, 189.076 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 6.135 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP895: 4/9/2009 9:43:42 AM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
RP896: 4/10/2009 3:08:17 PM - Scheduled Checkpoint
RP897: 4/11/2009 12:21:44 PM - Scheduled Checkpoint
RP898: 4/12/2009 2:07:49 PM - Scheduled Checkpoint
RP899: 4/13/2009 12:04:25 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP900: 4/13/2009 1:07:57 PM - Windows Update

==== Installed Programs ======================

µTorrent
32 Bit HP CIO Components Installer
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Setup
Adobe Shockwave Player 11
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced SystemCare 3
AIM 6
AIMTunes
AIO_CDA_ProductContext
AIO_CDA_Software
AIO_Scan
AOL Install
AOL Mail and AIM Gadget
AOL Uninstaller (Choose which Products to Remove)
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Control Center
Audacity 1.2.6
AudibleManager
AutoUpdate
AviSynth 2.5
BlackBerry Desktop Software 4.2.2
Bonjour
BufferChm
C5100
c5100_Help
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Arabic
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Spanish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Polish
CCC Help Portuguese
CCC Help Spanish
CCC Help Thai
CCleaner (remove only)
Choice Guard
Compatibility Pack for the 2007 Office system
Conexant D850 PCI V.92 Modem
Copy
Creative Removable Disk Manager
Creative System Information
CustomerResearchQFolder
Dell Support Center (Support Software)
Dell System Customization Wizard
DellSupport
Destinations
DeviceManagementQFolder
Digital Line Detect
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DocProc
DocProcQFolder
Download Updater (AOL LLC)
DPS
DVD Decrypter (Remove Only)
Dynasty Warriors 6
eSupportQFolder
Fax
Free DVD Ripper Version 2.25
Games, Music, & Photos Launcher
Google Desktop
Google Earth
Google Photos Screensaver
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart Essential
HP Photosmart.All-In-One Driver Software 8.0 .A
HP Solution Center 8.0
HP Update
HPProductAssistant
HPSSupply
Intel(R) Matrix Storage Manager
Internet Service Offers Launcher
iTunes
Java(TM) SE Runtime Environment 6
LimeWire 4.12.15
Malwarebytes' Anti-Malware
MarketResearch
McAfee SecurityCenter
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Modem Diagnostic Tool
Mozilla Firefox (3.0.8)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
NetWaiting
NVIDIA Drivers
PDF Settings
Picasa 2
PowerISO
Product Documentation Launcher
QuickTime
RealPlayer
RocketReader  Version 8.00
Roxio Creator Tools
Roxio Media Manager
Roxio MyDVD DE
Roxio Update Manager
RTC Client API v1.2
Safari
Scan
SigmaTel Audio
Skins
SmartSoft Video Converter
SolutionCenter
Sonic Activation Module
Sonic RecordNow Copy
Sony DVD Architect Studio 4.5
Sony Vegas Movie Studio 8.0
Spybot - Search & Destroy
Status
STOPzilla
TestDrive Client
Toolbox
TrayApp
UnloadSupport
URL Assistant
User's Guides
Veoh Web Player Beta
Videora iPhone Converter 4.06
Viewpoint Media Player
Watchtower Library 2008 - English
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinRAR
WinZip
WinZip Self-Extractor
XLink Kai Evolution 7
Xvid 1.1.2 final uninstall
XviD4PSP 5.0
Yahoo! Install Manager
Yahoo! Music Jukebox
Yahoo! Toolbar
YouTube Downloader App 1.02
ZyDAS IEEE 802.11 b+g Wireless LAN - USB

==== Event Viewer Messages From Past Week ========

4/6/2009 7:01:36 AM, Error: volmgr [46]  - Crash dump initialization failed!
4/6/2009 12:37:46 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer GATEWAY-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{78CE155D-5935-46A0-909B-4292F35. The master browser is stopping or an election is being forced.
4/6/2009 2:43:39 PM, Error: EventLog [6008]  - The previous system shutdown at 2:37:45 PM on 4/6/2009 was unexpected.
4/6/2009 2:43:41 PM, Error: Microsoft-Windows-Kernel-General [5]  - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\deonarine\AppData\Local\Microsoft\Windows\UsrClass.dat' was corrupted and it has been recovered. Some data might have been lost.
4/6/2009 2:48:01 PM, Error: Service Control Manager [7031]  - The McAfee Real-time Scanner service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/6/2009 3:29:09 PM, Error: Service Control Manager [7031]  - The McAfee Real-time Scanner service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/6/2009 3:35:12 PM, Error: Service Control Manager [7034]  - The McAfee Real-time Scanner service terminated unexpectedly.  It has done this 3 time(s).
4/6/2009 7:19:03 PM, Error: bowser [8003]  - The master browser has received a server announcement from the computer CHRISPC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{78CE155D-5935-46A0-909B-4292F354B3. The master browser is stopping or an election is being forced.

==== End Of File ===========================

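The "Event Viewer Messages" block in the log above carries one detail a helper reads straight off: the McAfee Real-time Scanner service died three times within an hour on 4/6, twice with a scheduled restart (event 7031) and the third time with none (event 7034), after which the Service Control Manager stops trying. What follows is an added example of mine, not code from the thread or from any of the tools mentioned in it. It parses event lines in the exact layout the post uses and reports services that are crash-looping. The five sample lines are copied from the post (rejoined onto one line each); the event-ID meanings are the standard SCM ones.

```python
"""Added example (not from the thread): parse the "Event Viewer Messages"
section of a DDS/HijackThis-style log and flag services that keep dying.

Event IDs are standard Service Control Manager ones: 7031 is "terminated
unexpectedly, corrective action scheduled", 7034 is "terminated
unexpectedly" with no further restart. A service that logs 7031 twice and
then 7034 has been given up on by the SCM.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sample input: the volmgr, EventLog and SCM lines from the log posted
# above, rejoined onto one line each (the post wraps them).
SAMPLE_EVENTS = [
    "4/6/2009 7:01:36 AM, Error: volmgr [46]  - Crash dump initialization failed!",
    "4/6/2009 2:43:39 PM, Error: EventLog [6008]  - The previous system shutdown at 2:37:45 PM on 4/6/2009 was unexpected.",
    "4/6/2009 2:48:01 PM, Error: Service Control Manager [7031]  - The McAfee Real-time Scanner service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.",
    "4/6/2009 3:29:09 PM, Error: Service Control Manager [7031]  - The McAfee Real-time Scanner service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.",
    "4/6/2009 3:35:12 PM, Error: Service Control Manager [7034]  - The McAfee Real-time Scanner service terminated unexpectedly.  It has done this 3 time(s).",
]

EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>[\w\- ]+?) \[(?P<id>\d+)\]\s+- (?P<msg>.*)$"
)
SVC_RE = re.compile(r"^The (?P<svc>.+?) service terminated unexpectedly")
SCM_TERMINATED = {7031, 7034}


def parse_event(line):
    """Return a dict for one event line, or None if it does not parse."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p"),
        "level": m.group("level"),
        "source": m.group("source"),
        "id": int(m.group("id")),
        "msg": m.group("msg"),
    }


def service_crash_loops(lines, window=timedelta(hours=1), min_events=2):
    """Group SCM 7031/7034 events by service name.

    Returns {service: {...}} for services that died at least `min_events`
    times. `restart_abandoned` is True when the last event is 7034, i.e.
    the SCM stopped trying to restart it; `within_window` says whether all
    the deaths fall inside `window` (a crash loop rather than scattered
    failures).
    """
    by_svc = defaultdict(list)
    for ev in filter(None, map(parse_event, lines)):
        if ev["source"] != "Service Control Manager" or ev["id"] not in SCM_TERMINATED:
            continue
        m = SVC_RE.match(ev["msg"])
        if m:
            by_svc[m.group("svc")].append(ev)

    report = {}
    for svc, evs in by_svc.items():
        evs.sort(key=lambda e: e["ts"])
        if len(evs) < min_events:
            continue
        report[svc] = {
            "count": len(evs),
            "first": evs[0]["ts"],
            "last": evs[-1]["ts"],
            "within_window": evs[-1]["ts"] - evs[0]["ts"] <= window,
            "restart_abandoned": evs[-1]["id"] == 7034,
        }
    return report


if __name__ == "__main__":
    for svc, info in service_crash_loops(SAMPLE_EVENTS).items():
        state = "SCM gave up" if info["restart_abandoned"] else "still restarting"
        print(f"{svc}: died {info['count']}x between {info['first']:%H:%M} "
              f"and {info['last']:%H:%M} ({state})")
```

Run against the sample lines it reports the real-time scanner as dead from 3:35 PM onward with no restart pending, which is what a helper means by "the machine has had no real-time protection since then"; a crashing AV service on a machine that is also suddenly slow is itself a reason to look for something interfering with it.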
23 Posts

April 13th, 2009 14:00

Alright, I got rid of 2 programs, LimeWire and µTorrent. Now the only problem is the virus protection is not found.

20.5K Posts

April 13th, 2009 14:00

* After we begin working, please print or copy all instructions to Notepad in order to assist you when carrying out procedures. Please follow all instructions in sequence. Do not, on your own, install/re-install any programs or run any fixes or scanners that you have not been instructed to use because this may cause conflicts with the tools that I am using. Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. It is understood by the trained analysts that once a helper replies to a log, he continues working with you until the issue is resolved.

* During the course of our cleanup please do not do any additional online work or surfing until we have verified that your system is clean.

* We may be using some specialized tools during our fix. Certain embedded files that are part of legitimate programs or specialized fix tools such as process.exe, restart.exe, SmiUpdate.exe, reboot.exe, ws2fix.exe, prcviewer.exe and nircmd.exe may at times be detected by some anti-virus/anti-malware scanners as a "RiskTool", "Hacking tool", "Potentially unwanted tool", or even "malware (virus/trojan)" when that is not the case. Such programs have legitimate uses in contexts where an authorized user or administrator has knowingly installed it. These detections do not necessarily mean the file is malware or a bad program. It means it has the potential for being misused by others. Anti-virus scanners cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you or even automatically remove them.

* If your replies do not fit in one post while we are handling your issue, please reply to yourself until all text is submitted. It may take several posts.

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs (including STOPzilla) so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log for further review.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

* Additional information on A/V control HERE.

* ComboFix is not intended for use with servers.

 

23 Posts

April 13th, 2009 18:00

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:40 PM, on 4/13/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\aol\1183087736\ee\aolsoftware.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AOL 9.1\shellmon.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Windows\Explorer.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O8 - Extra context menu item: &AIM Toolbar Search - C:\ProgramData\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} (UnagiAx Class) - http://radaol-prod-web-rr.streamops.aol.com/mediaplugin/3.0.84.2/win32/unagi3.0.84.2.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5360C99E-D387-4AB5-A073-1EB599C0D3CF}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{78CE155D-5935-46A0-909B-4292F354B38C}: NameServer = 24.29.103.15,24.29.103.16
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10311 bytes

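The HijackThis log just posted is the kind a helper reads by section: O2/O3/O9 entries ending in "(no file)" and O23 services marked "(file missing)" are orphaned registrations that HJT can fix safely; the run of O10 "Unknown file in Winsock LSP" lines only means the DLL is not on HJT's whitelist, and here the path sits in the same C:\Program Files\Common Files\iS3\Anti-Spyware\ directory as the STOPzilla service (iS3, Inc.) listed under O23, so it is not by itself a finding, and LSP entries should never be "fixed" with HJT because breaking the LSP chain breaks networking; O17 NameServer and O20 AppInit_DLLs are checked by hand against what the ISP and the installed software should have set. The script below is an added example of mine, not code from the thread or from HijackThis, that automates that first pass. Its sample input is a handful of lines copied from the log above plus one constructed O4 line (a hypothetical path under a user profile) to exercise the autorun rule.

```python
"""Added example (not from the thread): a first-pass triage of HijackThis
2.0 log entries, automating what a helper scans for in a log like the one
above. The rules are the usual HJT conventions, not a verdict on this
machine:

  * O2/O3/O9 entries ending in "(no file)" and O23 services marked
    "(file missing)" are orphaned registrations; HJT can fix them safely.
  * O10 "Unknown file in Winsock LSP" means the DLL is not in HJT's
    whitelist, nothing more. Do not fix LSP entries with HJT: removing a
    link from the LSP chain can break networking.
  * O4 autoruns that start from a user profile (AppData, Temp) deserve a
    look; system software normally lives under Program Files or Windows.
  * O17 NameServer and O20 AppInit_DLLs are listed for manual verification.
"""
import re
from collections import Counter, defaultdict

# Sample input: lines copied from the HijackThis log posted above, plus one
# constructed O4 line (hypothetical path) to exercise the profile-path rule.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - (no file)
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKCU\..\Run: [constructed] C:\Users\example\AppData\Local\tmp\updater.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{5360C99E-D387-4AB5-A073-1EB599C0D3CF}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{78CE155D-5935-46A0-909B-4292F354B38C}: NameServer = 24.29.103.15,24.29.103.16
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
# Command path in an O4 line: after the [name], optional quote, drive letter,
# up to the first .exe/.dll/.scr so trailing arguments are ignored.
O4_PATH_RE = re.compile(r'\]\s*"?(?P<path>[a-z]:\\.*?\.(?:exe|dll|scr))', re.IGNORECASE)
PROFILE_PATH_RE = re.compile(r"\\users\\[^\\]+\\appdata\\|\\temp\\", re.IGNORECASE)
O17_RE = re.compile(r"NameServer = (?P<servers>[\d.,]+)")


def triage(log_text):
    """Bucket the interesting entries of a HijackThis log by rule name."""
    findings = defaultdict(list)
    lsp = Counter()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec in ("O2", "O3", "O9") and body.endswith("(no file)"):
            findings["orphaned_browser_entry"].append(line)
        elif sec == "O23" and body.endswith("(file missing)"):
            findings["orphaned_service"].append(line)
        elif sec == "O10" and ": " in body:
            # "Unknown file in Winsock LSP: <path>"; HJT prints the DLL once
            # per Winsock catalog entry, so count it rather than repeat it.
            lsp[body.split(": ", 1)[1].lower()] += 1
        elif sec == "O4":
            pm = O4_PATH_RE.search(body)
            if pm and PROFILE_PATH_RE.search(pm.group("path")):
                findings["autorun_from_profile"].append(line)
        elif sec == "O17":
            sm = O17_RE.search(body)
            if sm:
                findings["dns_servers"].extend(sm.group("servers").split(","))
        elif sec == "O20" and body.startswith("AppInit_DLLs:"):
            findings["appinit_dll"].append(body.split(":", 1)[1].strip())
    for path, n in sorted(lsp.items()):
        findings["winsock_lsp"].append(f"{path} (x{n})")
    return dict(findings)


if __name__ == "__main__":
    for rule, hits in triage(SAMPLE_LOG).items():
        print(f"[{rule}]")
        for hit in hits:
            print("   ", hit)
```

The output is a worklist, not a diagnosis: the two "(no file)" BHOs and the missing Symantec service are clean-up items, the LSP DLL is reported once with its count so the eleven repeated O10 lines do not read as eleven problems, and the DNS servers and AppInit DLL are printed for the helper to confirm against the ISP and the software the machine is known to run.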
23 Posts

April 13th, 2009 18:00

ComboFix 09-04-13.A2 - deonarine 2009-04-13 20:18.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.2045.1164 [GMT -4:00]
Running from: c:\users\deonarine\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\IEToolbar
c:\program files\IEToolbar\ECO Bar\basis.xml
c:\program files\IEToolbar\ECO Bar\icons.bmp
c:\program files\IEToolbar\ECO Bar\info.txt
c:\program files\IEToolbar\ECO Bar\uninstall.exe
c:\program files\IEToolbar\ECO Bar\version.txt
c:\program files\IEToolbar\ECO Bar\your_logo.png
c:\windows\sdbmw4466.exe
c:\windows\system32\bsnzafqa.bin
c:\windows\system32\cfg.dat
c:\windows\system32\dumphive.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe

.
(((((((((((((((((((((((((   Files Created from 2009-03-14 to 2009-04-14  )))))))))))))))))))))))))))))))
.

2009-04-13 20:17 . 2009-04-13 20:18 1136 ----a-w c:\windows\system32\drivers\kgpcpy.cfg
2009-04-13 16:06 . 2009-04-13 16:47 -------- d-----w c:\users\All Users\SITEguard
2009-04-13 16:06 . 2009-04-13 16:47 -------- d-----w c:\programdata\SITEguard
2009-04-13 16:05 . 2009-04-13 16:05 -------- d-----w c:\program files\STOPzilla!
2009-04-13 16:05 . 2009-04-13 16:05 -------- d-----w c:\program files\Common Files\iS3
2009-04-13 16:05 . 2009-04-14 00:15 -------- d-----w c:\users\All Users\STOPzilla!
2009-04-13 16:05 . 2009-04-14 00:15 -------- d-----w c:\programdata\STOPzilla!
2009-04-09 13:46 . 2009-03-19 20:32 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-09 13:46 . 2008-04-17 16:12 107368 ----a-w c:\windows\system32\GEARAspi.dll
2009-04-09 13:46 . 2009-04-09 13:46 -------- dc----w c:\windows\system32\DRVSTORE
2009-04-09 13:45 . 2009-04-09 13:46 -------- d-----w c:\users\All Users\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-09 13:45 . 2009-04-09 13:46 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-09 13:45 . 2009-04-09 13:46 -------- d-----w c:\program files\iTunes
2009-04-06 18:41 . 2009-04-06 18:41 -------- d-sh--w C:\found.000
2009-04-05 04:20 . 2009-04-05 17:38 -------- d-----w c:\users\deonarine\AppData\Roaming\IObit
2009-04-05 04:19 . 2009-04-05 04:19 -------- d-----w c:\program files\IObit
2009-03-31 19:47 . 2009-03-31 19:47 -------- d-----w c:\users\deonarine\AppData\Roaming\InstallShield Installation Information
2009-03-31 19:28 . 2009-03-31 19:28 -------- d-----w c:\program files\KOEI
2009-03-31 18:57 . 2009-03-31 18:57 17408 ----a-r c:\windows\system32\SZIO5.dll
2009-03-31 18:56 . 2009-03-31 18:56 294912 ----a-r c:\windows\system32\SZBase5.dll
2009-03-31 18:55 . 2009-03-31 18:55 540672 ----a-r c:\windows\system32\SZComp5.dll
2009-03-31 02:07 . 2009-03-31 02:07 -------- d-----w c:\users\deonarine\AppData\Roaming\DAEMON Tools Pro
2009-03-31 02:07 . 2009-03-31 02:07 -------- d-----w c:\users\deonarine\AppData\Roaming\DAEMON Tools
2009-03-31 02:07 . 2009-03-31 02:07 -------- d-----w c:\users\All Users\DAEMON Tools Lite
2009-03-31 02:07 . 2009-03-31 02:07 -------- d-----w c:\programdata\DAEMON Tools Lite
2009-03-31 02:06 . 2009-03-31 19:26 -------- d-----w c:\users\deonarine\AppData\Roaming\DAEMON Tools Lite
2009-03-30 17:02 . 2007-07-02 10:27 338304 ----a-w c:\windows\system32\_AxShlEx.dll
2009-03-27 14:56 . 2009-03-27 14:56 126976 ----a-r c:\windows\system32\IS3HTUI5.dll
2009-03-27 14:55 . 2009-03-27 14:55 393216 ----a-r c:\windows\system32\IS3DBA5.dll
2009-03-27 14:55 . 2009-03-27 14:55 372736 ----a-r c:\windows\system32\IS3UI5.dll
2009-03-27 14:55 . 2009-03-27 14:55 61440 ----a-r c:\windows\system32\IS3Hks5.dll
2009-03-27 14:54 . 2009-03-27 14:54 23040 ----a-r c:\windows\system32\IS3XDat5.dll
2009-03-27 14:54 . 2009-03-27 14:54 221184 ----a-r c:\windows\system32\IS3Win325.dll
2009-03-27 14:54 . 2009-03-27 14:54 94208 ----a-r c:\windows\system32\IS3Inet5.dll
2009-03-27 14:53 . 2009-03-27 14:53 90112 ----a-r c:\windows\system32\IS3Svc5.dll
2009-03-27 14:50 . 2009-03-27 14:50 716800 ----a-r c:\windows\system32\IS3Base5.dll
2009-03-26 19:23 . 2009-03-26 19:23 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-26 19:23 . 2009-03-26 19:23 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-24 21:29 . 2009-03-24 21:29 2560 ----a-w c:\windows\_MSRSTRT.EXE
2009-03-20 22:52 . 2009-03-20 22:52 -------- d-----w c:\users\deonarine\AppData\Local\rindelnk
2009-03-20 22:52 . 2009-03-20 22:52 385024 ----a-w c:\windows\onfl84583.exe
2009-03-19 02:15 . 2009-03-22 05:05 -------- d-----w c:\program files\Alcohol Soft
2009-03-19 02:12 . 2009-03-19 02:12 717296 ----a-w c:\windows\system32\drivers\sptd.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-14 00:15 . 2008-04-11 20:17 32768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2009-04-14 00:15 . 2008-04-11 20:17 16384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2009-04-14 00:15 . 2008-04-11 20:17 16384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2009-04-14 00:10 . 2007-06-22 17:38 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2009-04-14 00:10 . 2007-06-22 17:38 16384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2009-04-14 00:10 . 2006-11-02 13:02 32768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2009-04-13 20:18 . 2008-05-08 15:29 -------- d-----w c:\programdata\Google Updater
2009-04-13 20:17 . 2009-04-13 20:17 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
2009-04-13 20:17 . 2009-04-13 20:17 2048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2009-04-13 18:50 . 2009-04-13 18:50 16384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
2009-04-13 18:50 . 2009-04-13 18:50 16384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
2009-04-13 18:50 . 2009-04-13 18:50 32768 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
2009-04-13 15:55 . 2007-06-30 06:38 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-04-13 03:21 . 2008-04-10 02:34 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-09 13:45 . 2007-07-06 21:31 -------- d-----w c:\program files\iPod
2009-04-09 13:45 . 2007-07-06 21:43 -------- d-----w c:\program files\Common Files\Apple
2009-04-09 13:44 . 2008-06-27 19:39 -------- d-----w c:\program files\Bonjour
2009-04-09 13:44 . 2006-11-02 10:25 86016 ----a-w c:\windows\Inf\infstor.dat
2009-04-09 13:44 . 2006-11-02 10:25 51200 ----a-w c:\windows\Inf\infpub.dat
2009-04-09 13:44 . 2006-11-02 10:25 143360 ----a-w c:\windows\Inf\infstrng.dat
2009-04-09 13:41 . 2008-07-18 20:08 -------- d-----w c:\program files\Safari
2009-04-06 19:47 . 2008-12-18 06:05 -------- d-----w c:\users\deonarine\AppData\Roaming\uTorrent
2009-04-06 19:32 . 2008-07-31 04:29 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2008-05-08 21:14 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-05 03:49 . 2008-04-07 01:46 -------- d-----w c:\program files\Nero
2009-03-30 16:29 . 2007-06-22 17:13 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-27 16:18 . 2008-08-11 17:29 -------- d-----w c:\program files\Orb Networks
2009-03-14 02:10 . 2009-03-14 02:10 -------- d-----w c:\program files\PowerISO
2009-03-13 20:04 . 2007-06-30 06:38 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-12 16:18 . 2009-03-12 16:18 54656 ----a-r c:\windows\system32\drivers\SZKG.sys
2009-03-07 02:00 . 2009-03-07 02:00 -------- d-----w c:\program files\Microsoft
2009-03-07 02:00 . 2009-03-07 02:00 -------- d-----w c:\program files\Windows Live
2009-03-07 02:00 . 2009-03-07 02:00 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-07 01:58 . 2009-03-07 01:58 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-01 15:50 . 2009-03-01 15:50 -------- d-----w c:\program files\Watchtower
2009-02-27 22:50 . 2007-10-05 04:05 -------- d-----w c:\program files\Veoh Networks
2009-02-27 22:39 . 2008-01-04 23:23 -------- d-----w c:\program files\Common Files\Research In Motion
2009-02-27 00:45 . 2007-09-06 16:29 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-25 00:28 . 2008-01-04 23:42 -------- d-----w c:\users\deonarine\AppData\Roaming\InstallShield
2009-02-25 00:18 . 2007-07-19 21:54 -------- d-----w c:\program files\Creative
2009-02-24 23:50 . 2009-02-24 23:50 -------- d-----w c:\program files\Common Files\xing shared
2009-02-24 23:50 . 2009-02-24 23:50 -------- d-----w c:\program files\Common Files\Real
2009-02-24 23:50 . 2009-02-24 23:50 -------- d-----w c:\program files\Real
2009-02-22 00:33 . 2009-02-22 00:33 -------- d-----w c:\users\deonarine\AppData\Roaming\Red Kawa
2009-02-22 00:33 . 2009-02-22 00:33 -------- d-----w c:\program files\Regensoft
2009-02-22 00:33 . 2008-04-02 22:22 -------- d-----w c:\program files\AviSynth 2.5
2009-02-22 00:33 . 2009-02-22 00:33 -------- d-----w c:\program files\Red Kawa
2009-02-09 03:10 . 2009-03-11 12:58 2033152 ----a-w c:\windows\System32\win32k.sys
2009-02-06 23:52 . 2009-02-06 23:52 49504 ----a-w c:\windows\System32\sirenacm.dll
2009-01-15 06:11 . 2009-02-11 15:10 827392 ----a-w c:\windows\System32\wininet.dll
2008-12-03 14:59 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-11-15 14:59 . 2008-11-15 14:59 680 ----a-w c:\users\deonarine\AppData\Local\d3d9caps.dat
2008-07-18 19:45 . 2007-06-29 01:46 116080 ----a-w c:\users\deonarine\AppData\Local\GDIPFONTCACHEV1.DAT
2008-07-15 01:53 . 2007-08-20 01:00 4244 ----a-w c:\users\deonarine\AppData\Roaming\wklnhst.dat
2008-05-08 15:2008-05-08 15:30  29:59 . c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-06-03 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=c:\windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ZDWLan Utility.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ZDWLan Utility.lnk
backup=c:\windows\pss\ZDWLan Utility.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^deonarine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^runit_32.lnk]
path=c:\users\deonarine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runit_32.lnk
backup=c:\windows\pss\runit_32.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2008-06-03 01:35 50528 c:\program files\AOL 9.1\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-29 06:40 687560 c:\users\deonarine\Documents\ryan\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2008-08-13 18:32 206064 c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-10-09 18:57 16384 c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
--a------ 2007-03-16 06:20 17920 c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 03:33 125952 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-05-08 11:29 29744 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2008-06-24 14:34 41824 c:\program files\Common Files\aol\1183087736\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-12-10 21:52 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2006-09-29 12:39 151552 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
--a------ 2006-09-11 05:40 218032 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-09-11 05:40 218032 c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-09-11 05:40 86960 c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-04-02 16:11 342312 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
--a------ 2009-04-06 15:32 1277584 c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
--a------ 2008-01-19 03:33 227840 c:\windows\System32\msconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-11-02 04:38 167936 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 17:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rindelnk]
--a------ 2009-03-20 18:52 868352 c:\users\deonarine\AppData\Local\rindelnk\rindelnk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2007-04-23 12:43 228088 c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2009-03-05 16:07 2260480 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-05-08 11:29 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB2Check]
--a------ 2005-12-21 10:14 73728 c:\windows\System32\PCLECoInst.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
--a------ 2008-10-09 18:11 3502840 c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 03:38 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 03:33 202240 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2007-02-08 01:16 303104 c:\windows\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FDB3A571-7AFC-40DD-AC57-B160C0CC7FC4}"= UDP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{041C474C-B8A0-41E3-B475-92434116C5B0}"= TCP:c:\program files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{6A3C9DE9-8F49-475E-8B11-0FF561791580}"= UDP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{DD71ED14-64AE-4F05-BD36-379369B18CF1}"= TCP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{700C43D8-2586-44CE-B896-853E10B8EAD3}"= UDP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{EB97A37B-A27C-4AC3-83A5-BE32D8047F92}"= TCP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{79408B95-F6A3-4A94-BED7-856D2538151C}"= UDP:c:\program files\AOL 9.0\waol.exe:AOL
"{E4ABA2EE-1D2A-4272-B56B-B06B6CF19C64}"= TCP:c:\program files\AOL 9.0\waol.exe:AOL
"{F3AD6029-0E0B-4998-BC5B-22E2672E15DD}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{30B564D4-37C0-4094-821F-A3EEC1E99112}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{659E25E1-AD5C-4A72-B372-A0B819878AEB}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{99D0BC8F-4CE1-486F-90EB-615C44E3D901}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{BDBD6E19-D3BF-4138-B5D8-D431C834F2E1}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{D4CB39C2-A219-4FDD-A1A8-85C8A772845B}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{97FB08DD-3FF5-4211-BCEC-EB8A67DD5272}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{E8649730-FFE5-4425-947A-55F010EE2385}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{E4D0F057-2223-4F4D-8074-B0FF6BC22F10}"= UDP:c:\program files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{718493B9-9E04-4497-99DE-B30B13F52B19}"= TCP:c:\program files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{404B2387-B655-4605-9474-90071C27D173}"= UDP:c:\program files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{401FD4F5-0774-4118-B4CD-5CB2145BBD90}"= TCP:c:\program files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{E36433AA-FB8E-4DD6-BA1C-006C93156C43}"= UDP:c:\program files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{71344977-242C-4212-B708-CF066D606478}"= TCP:c:\program files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{FABE6113-ECED-4AED-B591-9ADDF83F83DA}"= UDP:c:\program files\Pinnacle\Studio 10\programs\umi.exe:umi
"{804FAD02-E5E7-422F-AB2F-127ACFC96CAC}"= TCP:c:\program files\Pinnacle\Studio 10\programs\umi.exe:umi
"TCP Query User{8BF888D0-3B12-433C-AD85-EEB5E7942A07}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{3170AF41-5266-4A48-B707-24A3F1CECDCF}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{A72D4C1B-801A-47A7-8EC1-046A087E8B99}c:\\program files\\xlink kai evolution vii\\kailaunch.exe"= UDP:c:\program files\xlink kai evolution vii\kailaunch.exe:XLink Kai Evolution 7 Launcher
"UDP Query User{96AC13C7-0A1B-4349-BE59-443D1CAB6F3D}c:\\program files\\xlink kai evolution vii\\kailaunch.exe"= TCP:c:\program files\xlink kai evolution vii\kailaunch.exe:XLink Kai Evolution 7 Launcher
"{F9A0FAE9-0CF7-4114-8A0A-6D6ED878CDDA}"= UDP:c:\program files\Common Files\aol\1183087736\ee\aolsoftware.exe:AOL Services
"{14653C32-9BA2-464D-85DE-34139A1EAACE}"= TCP:c:\program files\Common Files\aol\1183087736\ee\aolsoftware.exe:AOL Services
"TCP Query User{A6E6AF0E-C01A-42DB-AD6F-5B36B84B6037}c:\\program files\\roxio\\media manager 9\\mediamanager9.exe"= UDP:c:\program files\roxio\media manager 9\mediamanager9.exe:MediaManager9 Module
"UDP Query User{26DC1DBE-B554-4A21-B078-57718D8BE92E}c:\\program files\\roxio\\media manager 9\\mediamanager9.exe"= TCP:c:\program files\roxio\media manager 9\mediamanager9.exe:MediaManager9 Module
"{6BFCE5F2-A339-40CC-BCD9-A1C7AC2712A1}"= UDP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{9A31933F-C566-4745-9C5F-5EA54090D284}"= TCP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{0891179D-EBDF-4703-974D-4A659BCFED4F}"= UDP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{8E49E809-DF10-45C7-BE97-3B88741EE899}"= TCP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{83388F4C-F4A2-4347-BC86-42EF1EF39869}"= UDP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{3A1469AC-CFDF-42D2-8281-6854DD4974B2}"= TCP:c:\program files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:RoxioUPnPRenderer9
"{92541134-E693-4B7E-84A6-2D682692F6D0}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{D673381A-C408-42B5-A46A-2E1D1759FE0E}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"TCP Query User{66ADC95A-60EA-4797-87A9-BDB5BA18F170}c:\\program files\\ares ultimate\\aresultimate.exe"= UDP:c:\program files\ares ultimate\aresultimate.exe:Ares p2p for windows
"UDP Query User{D60C2A55-EB8C-489D-8A03-71CA14DB4ACA}c:\\program files\\ares ultimate\\aresultimate.exe"= TCP:c:\program files\ares ultimate\aresultimate.exe:Ares p2p for windows
"TCP Query User{0A87248C-4A7C-4234-90E9-3B55A8AEEA6A}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{8266B793-0EE8-42F4-A831-7127A4ACE68B}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"{25836136-21FF-4292-AAE1-EC07F7EDE73E}"= UDP:c:\program files\AOL 9.1\waol.exe:AOL
"{49CB0037-93CA-4891-8A67-3BD26202A686}"= TCP:c:\program files\AOL 9.1\waol.exe:AOL
"TCP Query User{65236354-A231-45B0-8D66-A955930E7FED}c:\\program files\\xlink kai\\kaiengine.exe"= UDP:c:\program files\xlink kai\kaiengine.exe:XLink Kai Engine
"UDP Query User{38DC8348-C9CA-4EE0-BD22-2608469179D1}c:\\program files\\xlink kai\\kaiengine.exe"= TCP:c:\program files\xlink kai\kaiengine.exe:XLink Kai Engine
"{DB7865C4-31DB-4904-9B0E-25E2DD7984F3}"= UDP:c:\program files\Orb Networks\Orb\bin\Orb.exe:Orb
"{86DBC8A6-DE09-4D44-B60B-D5ED056BE534}"= TCP:c:\program files\Orb Networks\Orb\bin\Orb.exe:Orb
"{01AA3444-9EA9-4AD9-B118-DEFDCEE6801D}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{069C598C-3C76-455C-8071-6429ADE8E075}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbTray.exe:OrbTray
"{99A21BCA-0944-4F23-959C-FEBA7B149624}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{04E9CA19-BDAB-4C08-B96D-8CB0FF58F868}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbIR.exe:OrbIR
"{9E7966F7-8397-4FBF-90B6-B8BAE0CE814C}"= UDP:c:\program files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{96775228-80C4-4D5C-9075-146304BE2AF6}"= TCP:c:\program files\Orb Networks\Orb\bin\OrbStreamerClient.exe:Orb Stream Client
"{9DD4C5E3-ECA1-44D1-A4B6-6100D80954A9}"= Profile=Private|Profile=Public|c:\program files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent
"{F8215983-6065-46DF-85D1-DDAC70BBBC4B}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{9B708073-F811-4916-B602-93A011FD4BCA}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{1B777FEA-4C98-4562-8AD7-6DFED4696E44}"= UDP:c:\users\deonarine\Documents\ryan\uTorrent.exe:µTorrent (TCP-In)
"{A0EF5928-E5A2-41FC-A356-E7BE4583D8E6}"= TCP:c:\users\deonarine\Documents\ryan\uTorrent.exe:µTorrent (UDP-In)
"{F6EBC1A8-1FE6-4734-8F0C-BCEF14D79B81}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{41E285B4-2160-4D8F-AF36-012BE4ABD3DA}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3AC3F135-8B88-4A2A-98B5-CDEE2F213258}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{5110618A-E28E-4A89-83F3-945810C756F5}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\DRIVERS\athru6.sys [2007-07-05 873472]
R3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\BRGSp50.sys [2005-06-08 20608]
R3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-05-08 29744]
R3 PsSdk30;PsSdk30;
R3 PsSdk41;PsSdk41;c:\windows\system32\Drivers\pssdk41.sys [2008-07-28 36928]
R3 ZDPSp60;ZDPSp60 NDIS Protocol Driver;
S0 szkg5;szkg;c:\windows\system32\DRIVERS\szkg.sys [2009-03-12 54656]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - ATWPKT2
*Deregistered* - ATWPKT2

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {65E6362A-B878-4A7B-86DA-D16F8DBD75C7} /qb
.
Contents of the 'Scheduled Tasks' folder

2009-04-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-23 20:28]

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-BMd970c292 - c:\users\DEONAR~1\AppData\Local\Temp\njdhhllm.dll
MSConfigStartUp-LaunchList - c:\program files\Pinnacle\Studio 10\LaunchList.exe
MSConfigStartUp-MSServer - c:\windows\system32\hgGVoMGY.dll
MSConfigStartUp-RoxioDragToDisc - c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe
MSConfigStartUp-Veoh - c:\program files\Veoh Networks\Veoh\VeohClient.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/
mSearch Bar = hxxp://www.google.com/
mSearchMigratedDefaultURL = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mSearchURL = hxxp://www.google.com/
IE: &AIM Toolbar Search - c:\programdata\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
TCP: {78CE155D-5935-46A0-909B-4292F354B38C} = 24.29.103.15,24.29.103.16
FF - ProfilePath - c:\users\deonarine\AppData\Roaming\Mozilla\Firefox\Profiles\dbv4twat.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com
FF - prefs.js: keyword.URL - hxxp://www14.yoog.com/search.php?q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.11);user_pref(general.useragent.extra.zencast,
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www14.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 20:22
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 


c:\windows\TEMP\TMP00000065465153DB39D95BA3 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"

[HKEY_USERS\.Default\CMI-CreateHive{274AB9BD-5778-42E7-84B9-863B8D8DF87A}\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
Completion time: 2009-04-13 20:24
ComboFix-quarantined-files.txt  2009-04-14 00:24

Pre-Run: 227,648,389,120 bytes free
Post-Run: 227,660,365,824 bytes free

474 --- E O F --- 2009-03-20 02:38

20.5K Posts

April 13th, 2009 19:00

Please run HijackThis and place a checkmark next to the following:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

Close all other windows and click "Fix checked". Close HijackThis.

Run DiskCleanup in each user's profile.

1. Open Disk Cleanup by clicking the Start button, clicking All Programs, clicking Accessories, clicking System Tools, and then clicking Disk Cleanup.

2. In the Disk Cleanup Options dialog box, choose whether you want to clean up your own files only or all of the files on the computer. Administrator permission required: if you are prompted for an administrator password or confirmation, type the password or provide confirmation.

3. If the Disk Cleanup: Drive Selection dialog box appears, select the hard disk drive that you want to clean up, and then click OK.

4. Click the Disk Cleanup tab.

* Please make sure only the following are checked:

-- Downloaded Program Files

-- Temporary Internet Files

-- Recycle Bin

-- Temporary Files

5. When you finish selecting the files you want to delete, click OK, and then click Delete files to confirm the operation. Disk Cleanup proceeds to remove all unnecessary files from your computer.

Reboot.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely require a specific version of the JRE to run. Please follow these steps to remove older version Java components and update.

  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says Java SE Runtime Environment (JRE) 6 Update 13.
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • NOTE: As always during installations, beware of any pre-checked option to install a toolbar. If you do not want it, UNcheck it.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each of the Java versions.
    Close Add/Remove.

  • In Windows Explorer, navigate to C:\Program Files\Java (this folder). Delete any subfolders.
  • Do NOT delete C:\Program Files\JavaVM (this folder), if found!
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.

Delete the downloaded installation file after completing the above procedure and reboot if not prompted to do so.

Let me know how things are running.
