Computer lagging/slowing


17 replies to this topic

#1 Bob_XXX_X (Member, Full Member, 47 posts)

Posted 14 April 2009 - 06:01 PM

Hello, my computer seems to be running a bit slowly; when I watch videos etc., the buffering and streaming speed is a bit off. Here's a HijackThis log file; maybe something is infected or slowing it down.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:16:07 AM, on 05/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\schtasks.exe
C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Winamp\winampa.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.....com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://bar.baidu.com...aultsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://bar.baidu.com...aultsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Intel® Alert Service (AlertService) - Intel® Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel® Software Services Manager (ISSM) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Viiv™ Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel® Application Tracker (MCLServiceATL) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel® Remoting Service (Remote UI Service) - Intel® Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe


Please help ASAP
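
A triage pass over a HijackThis log of the kind posted above, as an added example (my own code, not part of the thread and not a HijackThis feature): it parses the R0/R1, O4 and O23 lines and flags the three things a helper checks first: IE search or start pages that point away from the Microsoft/OEM defaults, autorun entries that launch from a temp directory, and services whose binary carries no publisher. The sample log is constructed from a few lines of the log above plus one made-up R0 host and one made-up HKCU Run entry; the default-host allowlist is an assumption to adjust per OEM image.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Hosts that a stock Windows/HP image sets as IE start and search pages.
# Assumption: extend this allowlist to match your own OEM image.
DEFAULT_IE_HOSTS = {"go.microsoft.com", "ie.redirect.hp.com", "www.microsoft.com"}

# Persistence that launches from a temp directory is unusual for legitimate
# software and is worth a second look.
TEMP_DIR_MARKERS = ("\\temp\\", "\\appdata\\local\\temp\\")

ENTRY_RE = re.compile(r"^(?P<code>R[0-3]|F[0-3]|O\d{1,2}) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
R_RE = re.compile(r"^(?P<key>.*?) = (?P<url>\S+)$")

# Constructed sample: real lines from the HijackThis log above, one constructed
# R0 line (search assistant pointing at a made-up host) and one constructed
# HKCU Run entry that launches, from Temp, the installer MBAM later quarantined.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.hijacker-example.test/default.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKCU\..\Run: [Updater] "C:\Users\Bob\AppData\Local\Temp\_isE62A.exe" /silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
"""


@dataclass
class Finding:
    code: str      # HijackThis section code (R0, O4, O23, ...)
    reason: str    # why a helper would look at this entry
    detail: str    # the path or URL in question


def triage(log_text):
    """Return the entries of a HijackThis log that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list, blank line
        code, body = m.group("code"), m.group("body")
        if code in ("R0", "R1"):
            r = R_RE.match(body)
            if r and ("Search" in r.group("key") or "Start Page" in r.group("key")):
                host = (urlparse(r.group("url")).hostname or "").lower()
                if host not in DEFAULT_IE_HOSTS:
                    findings.append(Finding(code, "IE search/start page is not a known default", r.group("url")))
        elif code == "O4":
            o4 = O4_RE.match(body)
            if o4 and any(mark in o4.group("cmd").lower() for mark in TEMP_DIR_MARKERS):
                findings.append(Finding(code, "autorun entry launches from a temp directory", o4.group("cmd")))
        elif code == "O23":
            o23 = O23_RE.match(body)
            if o23 and o23.group("owner").lower() == "unknown owner":
                findings.append(Finding(code, "service binary carries no publisher information", o23.group("path")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {f.reason}: {f.detail}")
```

Run against the sample it reports three entries: the constructed search-assistant host, the constructed Temp autorun and the DQLWinService entry; the process list, O2 BHO line and the Microsoft search page pass through silently. A missing publisher on an O23 line is a prompt to verify the file, not proof of anything, which is why the output is a list of reasons rather than a verdict.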

#2 SWI Support Robot (Helper robot, SWI Bot, 23,533 posts)

Posted 17 April 2009 - 06:13 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.
If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.

[this is an automated reply]
This is an automated message. It does not count as help.

#3 e-tech (Trusted Advisor, 1,891 posts)

Posted 21 April 2009 - 12:50 PM

Hello Bob_XXX_X

It may take some time and a couple of attempts to provide you with the right help. Many of today's infections are advanced and install other infections on the computer.
It's almost impossible to remove the entire infection and to check for leftovers in one go. Please be patient.
:)

Please download ATF Cleaner. Save it to your Desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.



Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK for either of the prompts and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.




Please use the Internet Explorer browser and do an online scan with Kaspersky Online Scanner.

Note:
In Microsoft Windows Vista, you must open the Web browser using the Run as Administrator command.

If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Please post the Kaspersky Online Scanner report, the MBAM log and the contents of checkup.txt in your next reply for further review.

Best regards

e-tech

My fight is dedicated to the children with autism - please support and help these kids.

Our greatest glory is not in never falling but in rising every time we fall.
- Confucius


#4 Bob_XXX_X (Member, Full Member, 47 posts)

Posted 29 April 2009 - 12:35 AM

Alright, I got the logs. Here is the MBAM log:

Malwarebytes' Anti-Malware 1.28
Database version: 1229
Windows 6.0.6001 Service Pack 1

22/04/2009 2:41:34 AM
mbam-log-2009-04-22 (02-41-33).txt

Scan type: Quick Scan
Objects scanned: 52879
Time elapsed: 2 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Bob\AppData\Local\Temp\_isE62A.exe (Rogue.Installer) -> Quarantined and deleted successfully.


Next, here is the checkup log:

Results of screen317's Security Check version 0.98.3
Windows Vista Service Pack 1
``````````````````````````````
Antivirus/Firewall Check:
``````````````````````````````

Windows Firewall Enabled!
ECHO is off.
Error obtaining update status for antivirus!
``````````````````````````````
Anti-malware/Other Utilities Check:
``````````````````````````````

Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java™ SE Runtime Environment 6 Update 1
``````````````````````````````
Process Check:
objlist.exe by Laurent
``````````````````````````````

``````````````````````````````
DNS Vulnerability Check:
``````````````````````````````


Scan took 11 seconds.
`````````End of Log```````````

#5 e-tech (Trusted Advisor, 1,891 posts)

Posted 29 April 2009 - 01:41 AM

Great. Please run Kaspersky Online Scanner too. :)



#6 Bob_XXX_X (Member, Full Member, 47 posts)

Posted 11 May 2009 - 02:20 PM

Here's the scan:

file:///C:/Users/Mustafa/Documents/kasperskyscan.html

Not sure if you can view it; I'll try another format if not.

Edited by Bob_XXX_X, 11 May 2009 - 02:21 PM.


#7 e-tech (Trusted Advisor, 1,891 posts)

Posted 11 May 2009 - 02:45 PM

Hello Bob

I can see that it's saved on your computer as an HTML file, and I don't have access to your computer.

It was important to follow the instructions:
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

Please copy and paste the content in your next reply. Please copy it from the .txt file if you have saved it.

Best regards

e-tech



#8 Bob_XXX_X (Member, Full Member, 47 posts)

Posted 11 May 2009 - 05:41 PM

OK, here it is.

Attached Files



#9 e-tech (Trusted Advisor, 1,891 posts)

Posted 12 May 2009 - 12:01 AM

Well done. :thumbup:

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Best regards

e-tech



#10 e-tech (Trusted Advisor, 1,891 posts)

Posted 22 May 2009 - 11:56 AM

Due to the lack of feedback this Topic is closed.

[Reopened]

Everyone else please begin a New Topic.



#11 cnm (Mother Lion of SWI, Retired Staff, 25,317 posts)

Posted 24 May 2009 - 04:36 PM

Reopened at request of topic owner.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE

#12 Bob_XXX_X (Member, Full Member, 47 posts)

Posted 24 May 2009 - 04:45 PM

> Well done. :thumbup:
>
> Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
>
> http://www.bleepingc...to-use-combofix
>
> * Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
>
> Please include the C:\ComboFix.txt in your next reply for further review.
>
> Best regards
>
> e-tech




Here is the log

Attached Files: log.txt (28.54KB, 62 downloads)


#13 e-tech (Trusted Advisor, 1,891 posts)

Posted 25 May 2009 - 01:02 AM

Hello Bob_XXX_X

Please copy your logs into the thread and do not attach them.

Please disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.
After all of the fixes are complete it is very important that you enable Real-time Protection again.


The most current version of LimeWire is reported to include spyware. LimeWire 4.9.28 is clean (older and newer versions may not be). Chances are junk was bundled with this product even if you paid for it. If you are going to use p2p file sharing, I suggest you choose a safe program from here: http://p2p.malwareremoval.com/.


Then
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

http://www.spywareinfoforum.com/index.php?showtopic=123589

KILLALL::
Collect::
C:\Program Files\Mozilla Firefox\wpepro09x\WPE PRO.exe
C:\Program Files\Mozilla Firefox\wpepro09x\WpeSpy.dll	
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Save this as CFScript.txt


[Image: CFScript.txt being dragged onto ComboFix.exe]


Referring to the picture above, drag CFScript.txt into ComboFix.exe.

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.


Please run a scan with Trend Micro Rootkit Buster to make sure the problem is not caused by malware or rootkits.
Download Trend Micro Rootkit Buster from here.
  • Unzip it to your Desktop.
  • Open the extracted folder and doubleclick RootkitBuster.exe
  • Press Scan.
When finished you'll be asked "Do you want to view log file". Press "Yes" and paste the contents of the log in your next reply along with the ComboFix log.
If any infections are found, please choose Delete Selected Items.


Best regards

e-tech



#14 Bob_XXX_X (Member, Full Member, 47 posts)

Posted 25 May 2009 - 04:44 AM

Here is the ComboFix log:



ComboFix 09-05-24.07 - Mustafa 25/05/2009 6:31.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.2038.1242 [GMT -7:00]
Running from: c:\users\Mustafa\Downloads\ComboFix.exe
Command switches used :: c:\users\Mustafa\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

file zipped: c:\program files\Mozilla Firefox\wpepro09x\WPE PRO.exe
file zipped: c:\program files\Mozilla Firefox\wpepro09x\WpeSpy.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\wpepro09x\WPE PRO.exe
c:\program files\Mozilla Firefox\wpepro09x\WpeSpy.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-25 to 2009-05-25 )))))))))))))))))))))))))))))))
.

2009-05-25 13:34 . 2009-05-25 13:35 -------- d-----w c:\users\Mustafa\AppData\Local\temp
2009-05-25 13:34 . 2009-05-25 13:34 -------- d-----w c:\users\Guest\AppData\Local\temp
2009-05-21 19:23 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F4DD904-9C78-4371-A9D7-0133A3EBEA21}\mpengine.dll
2009-05-18 01:31 . 2009-05-18 01:31 390664 ----a-w c:\users\Mustafa\AppData\Roaming\Real\Update\temp\~Upg6\RealPlayer11.exe
2009-05-18 01:31 . 2009-05-18 01:31 390664 ----a-w c:\users\Mustafa\AppData\Roaming\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-14 16:51 . 2009-05-14 16:51 -------- d-----w c:\users\Guest\AppData\Local\NextUp
2009-05-10 01:31 . 2009-05-10 01:31 390664 ----a-w c:\users\Mustafa\AppData\Roaming\Real\Update\temp\~Upg5\RealPlayer11.exe
2009-05-02 14:35 . 2009-05-02 14:35 -------- d-----w c:\programdata\NextUp
2009-05-02 14:33 . 2009-05-02 14:33 -------- d-----w c:\users\Mustafa\AppData\Local\NextUp
2009-05-02 14:33 . 2009-05-02 14:36 -------- d-----w c:\program files\TextAloud
2009-05-01 22:31 . 2009-05-01 22:31 390664 ----a-w c:\users\Mustafa\AppData\Roaming\Real\Update\temp\~Upg4\RealPlayer11.exe
2009-04-30 02:33 . 2009-04-30 02:33 -------- d-----w c:\program files\Common Files\DivX Shared
2009-04-26 01:44 . 2009-04-26 01:44 -------- d-----w c:\users\Mustafa\AppData\Local\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-25 13:35 . 2008-04-16 04:22 -------- d-----w c:\users\Mustafa\AppData\Roaming\DNA
2009-05-25 13:23 . 2008-01-06 13:41 -------- d-----w c:\users\Mustafa\AppData\Roaming\LimeWire
2009-05-25 13:22 . 2008-01-06 13:41 -------- d-----w c:\program files\LimeWire
2009-05-25 11:10 . 2008-12-10 04:13 -------- d-----w c:\programdata\Google Updater
2009-05-25 08:03 . 2008-01-04 17:41 12532 ----a-w c:\users\Mustafa\AppData\Roaming\wklnhst.dat
2009-05-13 10:01 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-03 05:04 . 2008-01-03 06:39 -------- d-----w c:\program files\Starcraft
2009-04-30 02:33 . 2008-01-03 05:15 -------- d-----w c:\program files\DivX
2009-04-23 21:39 . 2009-04-23 21:39 390664 ----a-w c:\users\Mustafa\AppData\Roaming\Real\Update\temp\~Upg3\RealPlayer11.exe
2009-04-19 01:50 . 2009-04-19 01:49 -------- d-----w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-19 01:50 . 2009-04-19 01:49 -------- d-----w c:\program files\iTunes
2009-04-19 01:49 . 2009-04-19 01:49 -------- d-----w c:\program files\iPod
2009-04-19 01:49 . 2008-10-05 10:31 -------- d-----w c:\program files\Common Files\Apple
2009-04-19 01:46 . 2009-04-19 01:46 75048 ----a-w c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-18 06:06 . 2008-04-16 04:22 -------- d-----w c:\users\Mustafa\AppData\Roaming\BitTorrent
2009-04-15 00:10 . 2009-04-15 00:10 -------- d-----w c:\users\Mustafa\AppData\Roaming\uniblue
2009-04-15 00:10 . 2009-04-15 00:10 -------- d-----w c:\program files\Uniblue
2009-04-13 21:39 . 2009-04-13 21:39 390664 ----a-w c:\users\Mustafa\AppData\Roaming\Real\Update\temp\~Upg2\RealPlayer11.exe
2009-04-08 13:47 . 2008-10-16 22:13 -------- d-----w c:\users\Mustafa\AppData\Roaming\FUJIFILM
2009-04-05 09:32 . 2009-04-05 09:32 390664 ----a-w c:\users\Mustafa\AppData\Roaming\Real\Update\temp\~Upg1\RealPlayer11.exe
2009-03-31 17:38 . 2008-11-27 09:47 936 ----a-w c:\users\Guest\AppData\Roaming\wklnhst.dat
2009-03-23 18:32 . 2009-03-23 18:32 390664 ----a-w c:\users\Mustafa\AppData\Roaming\Real\Update\temp\~Upg0\RealPlayer11.exe
2009-03-23 06:12 . 2009-03-04 19:36 680 ----a-w c:\users\Mustafa\AppData\Local\d3d9caps.dat
2009-03-19 23:32 . 2009-04-19 01:50 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 23:32 . 2009-03-19 23:32 23400 ----a-w c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-17 03:38 . 2009-04-15 22:15 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 22:15 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-03 04:46 . 2009-04-15 22:15 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 22:15 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-15 22:15 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-15 22:15 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 22:15 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 22:15 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 22:15 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-15 22:15 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 22:15 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 04:37 . 2009-04-15 22:15 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 03:04 . 2009-04-15 22:15 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 22:15 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-15 22:15 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w c:\program files\mozilla firefox\plugins\ssldivx.dll
2007-09-27 22:09 . 2007-09-27 22:03 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2009-05-25_01.27.58 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-09-27 21:24 . 2009-05-25 01:22 46620 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-09-27 21:24 . 2009-05-25 13:12 46620 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-05-25 13:12 59264 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2009-05-25 01:22 59264 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-01-03 02:36 . 2009-05-25 01:22 12206 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3901349471-3341037128-1080287765-1001_UserData.bin
+ 2008-01-03 02:36 . 2009-05-25 13:12 12206 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3901349471-3341037128-1080287765-1001_UserData.bin
+ 2008-01-03 02:34 . 2009-05-25 13:35 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-03 02:34 . 2009-05-25 01:20 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-03 02:34 . 2009-05-25 13:35 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-03 02:34 . 2009-05-25 01:20 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-03 02:34 . 2009-05-25 01:20 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-03 02:34 . 2009-05-25 13:35 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-03 00:23 . 2009-05-22 11:51 2916 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-01-03 00:23 . 2009-05-25 11:46 2916 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-01-03 02:09 . 2009-05-25 06:16 261210 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2008-01-03 02:09 . 2009-05-23 16:43 261210 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2008-12-03 23:54 204248 ----a-w c:\program files\Hotspot Shield\HssIE\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"BitTorrent DNA"="c:\users\Mustafa\Program Files\DNA\btdna.exe" [2009-01-28 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]
"SpeedTouch USB Diagnostics"="c:\program files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-05-03 4341760]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 71176]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-03 185896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-26 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-26 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2008-10-16 303104]
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2299F01F-C91A-457C-B72E-0365A38E1687}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{BC96A6C0-9CBB-4BE5-9033-56696B4F6D36}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{A74E5317-1196-452F-96BF-F03DA7892753}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{4A4BA856-3E92-47BF-9D44-5E4C91294BEC}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv™ Media Server
"{89D13081-7054-4D4F-929C-2AA827F2D024}"= UDP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{447D9DA3-690F-4F81-BD7F-C7225870C9DE}"= TCP:c:\program files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{C449C751-CC0C-4F27-AF83-0AA4DF41EEA6}"= TCP:9442:127.0.0.1:Intel® Viiv™ Media Server Discovery
"{5E7CD85A-1E84-4572-B30E-334F82E13D57}"= TCP:1900:LocalSubnet:LocalSubnet:Intel® Viiv™ Media Server UPnP Discovery
"{5C32179F-54B8-49A1-9920-7D9C3C0D4EC3}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{45BEEF07-5D7F-4AC4-B370-59AA55B5CC62}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2D42B8C3-48C3-4F93-906B-A887994DDE3D}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0EAD738F-0CB3-4359-8E87-FDDBCE76158A}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{934C80B0-EDDF-4ED8-AD06-2D0927175F05}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{76A5270C-3B3B-45CE-B248-7B6F3F7BF370}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{64C49249-9616-44CF-8C51-228023E3788B}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{7E2584D2-EDA8-439C-9360-52F4C08BFDEC}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{B949941E-7784-4555-877F-E6CEA87CE006}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:StarCraft
"UDP Query User{3CA8DCA7-AC8E-4840-82E3-44995A54AE84}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:StarCraft
"TCP Query User{E25CBD1D-D17D-43BA-9EB5-3ABB18FA2ED6}c:\\program files\\maiet\\gunz\\gunzlauncher.exe"= UDP:c:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
"UDP Query User{50A3ECC7-6AF3-4421-870A-F60842867A4B}c:\\program files\\maiet\\gunz\\gunzlauncher.exe"= TCP:c:\program files\maiet\gunz\gunzlauncher.exe:GunzLauncher
"TCP Query User{57B77FC3-FFF0-434F-BE52-9AFB4700D168}c:\\users\\mustafa\\desktop\\[antrix]chaosrepackv2\\antrix.exe"= UDP:c:\users\mustafa\desktop\[antrix]chaosrepackv2\antrix.exe:antrix.exe
"UDP Query User{C6299A90-8C50-4141-8404-7C06985E91D3}c:\\users\\mustafa\\desktop\\[antrix]chaosrepackv2\\antrix.exe"= TCP:c:\users\mustafa\desktop\[antrix]chaosrepackv2\antrix.exe:antrix.exe
"TCP Query User{A7DDB6B7-5B15-4108-B031-B1CADD0C0455}c:\\users\\mustafa\\desktop\\[antrix]chaosrepackv2\\logonserver.exe"= UDP:c:\users\mustafa\desktop\[antrix]chaosrepackv2\logonserver.exe:logonserver.exe
"UDP Query User{84E07877-30AD-4B42-814A-0E1B7CA4125A}c:\\users\\mustafa\\desktop\\[antrix]chaosrepackv2\\logonserver.exe"= TCP:c:\users\mustafa\desktop\[antrix]chaosrepackv2\logonserver.exe:logonserver.exe
"TCP Query User{E30B1C42-07A0-4650-8575-5CA9B846D71C}c:\\users\\mustafa\\desktop\\[antrix]chaosrepackv2\\antrix.exe"= UDP:c:\users\mustafa\desktop\[antrix]chaosrepackv2\antrix.exe:antrix.exe
"UDP Query User{E17C86D2-4CA7-4AAC-8FDD-C152BAF908DB}c:\\users\\mustafa\\desktop\\[antrix]chaosrepackv2\\antrix.exe"= TCP:c:\users\mustafa\desktop\[antrix]chaosrepackv2\antrix.exe:antrix.exe
"{2F1DDCCF-0F04-4AA0-BDC7-3AA04F86CC68}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{0D4E3C76-4938-4055-BFEA-1AE310238B41}c:\\program files\\bootfighter windom xp sp-2.net\\server.exe"= UDP:c:\program files\bootfighter windom xp sp-2.net\server.exe:Server
"UDP Query User{E3CAA338-84DC-4E6B-A048-2DBA5D792F70}c:\\program files\\bootfighter windom xp sp-2.net\\server.exe"= TCP:c:\program files\bootfighter windom xp sp-2.net\server.exe:Server
"{EF33FE22-8033-4576-93EF-F1ABD38967D3}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{DE602625-0F58-40E5-8DB5-30D094FF3A85}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{BCE157FA-78EC-48F0-974C-491532F158B2}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{0CE40EC8-4C23-4CD8-999A-32A7ED2C1CD7}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{D78378A3-3F70-46E2-A504-3A6160883698}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{2925DB29-C951-4E1C-8520-E02E19B4386F}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{C9A60C95-50B4-45FB-A131-ABC5BF0203AC}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{E706887A-2603-4CF0-AD60-D70F0383B5B1}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{897C4BC7-88D2-4203-822C-9E0920193C6B}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{103C50C4-12CE-4095-BD08-9C7AE9458F42}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{D4F87958-07DD-4AFF-91FA-0750AE89FC67}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{B2481B41-EBB1-4373-9BDA-7501A9B4E0DB}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{783870A3-EF01-46FF-A4C6-32034CA4C8B3}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{223D8F05-4B81-4F74-BCEF-D1073D8DF4A4}c:\\users\\mustafa\\desktop\\skype.exe"= UDP:c:\users\mustafa\desktop\skype.exe:skype.exe
"UDP Query User{082BD0A0-6E54-4433-9907-AF8BFCDF27CB}c:\\users\\mustafa\\desktop\\skype.exe"= TCP:c:\users\mustafa\desktop\skype.exe:skype.exe
"TCP Query User{EC973367-0F5F-4562-AD7C-406E8A25A0DA}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{06A5CBBA-228E-41EF-99BF-BDF68FAA888E}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{54F302E6-C90E-4E20-8B15-FAC15668C2DC}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{E793EE9B-7D15-4988-91DC-884A0013EAF9}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{DE57B815-D701-42E6-A440-49A88DFB6C33}c:\\windows\\system32\\msconf.exe"= UDP:c:\windows\system32\msconf.exe:msconf
"UDP Query User{6EE5FB9F-11B0-483F-8514-34CEA245F7CB}c:\\windows\\system32\\msconf.exe"= TCP:c:\windows\system32\msconf.exe:msconf
"{35E62769-C5EF-4029-928A-687731947D86}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A6A5466A-8FAC-45B7-80D2-5DECD6242D6D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{13B0E99D-BEE9-4568-B2A7-5004DAA84522}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B5E34842-48F4-4809-ADCD-EA0125E70DE8}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{BE3C728E-862A-4B3D-9C03-0AA35F4F5E45}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{EFA7B2F4-42B9-4405-A31F-1A4B0685698B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E08ED4BE-5923-4771-B05E-E1A4CC489983}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6F5F0860-898C-45CD-B794-96E18AF58D3A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{7BD33B30-0F11-40F9-812E-5B7A2964A06E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{E5B7D533-4BE5-4798-BCD3-C6D8AE0CC95B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{C01C3DB4-0420-4344-861C-30C113DFE935}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4E97E07B-EA90-42B2-89BA-E3ADE1449745}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{37C5D842-016B-47C7-99BC-35F233FD1F55}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{57CBEE1D-5257-4249-9EED-F22B361A0A8C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{546B2334-A577-4E33-A347-3976E17FDADC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9E42EA7C-E7A8-4176-AD54-CCD9147F9CDC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{50237D0E-E306-4BE4-8C38-3741689684B9}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{32A64BBD-9C5F-4733-A0A7-B451D48F5CC7}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F61C7652-8B8C-429C-A4C8-F8BD5227F23B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{F23D9FD5-F36D-4846-B7C5-10985ED3A008}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9E69C1B4-0066-4F76-A080-4817B6DF2EFD}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{609638D3-EA35-490E-9B91-E2CCB8517B03}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{621873B1-497F-430A-8449-3BA9BCD67D8F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9B7D1F6D-7817-40F5-8F6B-0192B034E376}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0D7A9E8C-75EA-411E-A525-E6650BF114F5}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2A5FD704-1BBA-4FA3-B3ED-78DDF6705681}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{FD959868-6DCA-457A-A6D2-3AF323F4654A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{EA349ABE-6E46-4924-8E64-C4307902BAB1}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{6E2E40DA-9DC4-479D-BC0B-2D6F19461569}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4B5F8765-6B9D-4F34-AC2D-0675593C4687}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D7EFC1F8-4CFE-4AFD-A8C7-D8FAD55C5F86}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{80235F14-3854-49FE-803B-ACD845F48336}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{12B78B13-EE64-4A46-9744-B932DD280840}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2CDDA969-7EC6-48FE-807C-055329F41D48}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D259A9F0-A4E1-4B48-8038-D16D967B85F3}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AF46B7D3-2209-40C5-88A9-A7A5C4000A51}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{0A1F1A8D-403E-4C04-8472-E24655409009}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{4A59211A-C5E6-45E1-B8AE-85A3438846DC}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{865FEED1-4EF4-4EA7-BE61-02270D83AEE0}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{00C937C7-9A70-4F9E-AE8C-52D11D223A7D}"= UDP:5353:Adobe CSI CS4
"{BA0974CE-4CBB-43FA-A874-D88C90738B0B}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{C19931A9-D1B9-45E5-9CBB-4A7E481E49BE}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{55DF731C-2BCB-4D34-A60E-096C73E95A1C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{1F3EA094-1998-4899-9180-BB90285AE9EA}c:\\users\\mustafa\\appdata\\local\\temp\\blizzard launcher temporary - 54b1b230\\launcher.exe"= UDP:c:\users\mustafa\appdata\local\temp\blizzard launcher temporary - 54b1b230\launcher.exe:launcher.exe
"UDP Query User{6F5055F3-8B09-4472-8A2E-B0CAC639C0BB}c:\\users\\mustafa\\appdata\\local\\temp\\blizzard launcher temporary - 54b1b230\\launcher.exe"= TCP:c:\users\mustafa\appdata\local\temp\blizzard launcher temporary - 54b1b230\launcher.exe:launcher.exe
"TCP Query User{A65DE352-E603-445E-A453-083C01809F5F}c:\\users\\mustafa\\appdata\\local\\temp\\blizzard launcher temporary - 8681aa18\\launcher.exe"= UDP:c:\users\mustafa\appdata\local\temp\blizzard launcher temporary - 8681aa18\launcher.exe:launcher.exe
"UDP Query User{1792F4E4-CFD3-42A4-9274-3467E9BC4E62}c:\\users\\mustafa\\appdata\\local\\temp\\blizzard launcher temporary - 8681aa18\\launcher.exe"= TCP:c:\users\mustafa\appdata\local\temp\blizzard launcher temporary - 8681aa18\launcher.exe:launcher.exe
"{9FD79F90-50AB-4A2D-BC1E-8223C3B5D15A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{4D2C5305-0E4D-4C1F-A5A1-A124C81ADE6D}c:\\users\\mustafa\\appdata\\local\\temp\\blizzard launcher temporary - 15393a40\\launcher.exe"= UDP:c:\users\mustafa\appdata\local\temp\blizzard launcher temporary - 15393a40\launcher.exe:launcher.exe
"UDP Query User{EC46FA0D-AEB4-4540-93AE-87B756E15447}c:\\users\\mustafa\\appdata\\local\\temp\\blizzard launcher temporary - 15393a40\\launcher.exe"= TCP:c:\users\mustafa\appdata\local\temp\blizzard launcher temporary - 15393a40\launcher.exe:launcher.exe
"{CF86BBD0-E5BA-437E-8928-CCC71636CCDA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{DAFE4838-4E57-4F51-84D4-F4203E5A3D1C}c:\\users\\mustafa\\program files\\dna\\btdna.exe"= UDP:c:\users\mustafa\program files\dna\btdna.exe:btdna.exe
"UDP Query User{DA5A0CF0-1412-4A78-86B3-19D39A6D293D}c:\\users\\mustafa\\program files\\dna\\btdna.exe"= TCP:c:\users\mustafa\program files\dna\btdna.exe:btdna.exe
"{0878FE4E-E12C-40D5-9C42-676402F9B5D4}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{59621112-B085-4860-8A73-855193357A93}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{62D93B68-3198-4967-889D-060A305FE4BE}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AC436E25-1D9D-421C-9A09-0A01BF50475B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{D1F5C776-83FB-49E2-BEAB-F863FE6AFD44}c:\\users\\public\\games\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\users\public\games\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{77982045-4924-450B-AF17-49ABC818F078}c:\\users\\public\\games\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\users\public\games\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"{7E1E41DE-ACC2-4172-BE30-18CBC36E9D4D}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{D2783577-A99F-443F-B555-4143F00106E8}c:\\program files\\microsoft games\\halo trial\\halo.exe"= UDP:c:\program files\microsoft games\halo trial\halo.exe:Halo
"UDP Query User{291C5A7E-931B-42BC-9547-489DA67BED48}c:\\program files\\microsoft games\\halo trial\\halo.exe"= TCP:c:\program files\microsoft games\halo trial\halo.exe:Halo
"{B10B287B-9174-4716-AF24-8C7D375F43C3}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:Blizzard Downloader
"{8952674D-1987-4674-B09E-A4CDF0C66833}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-enUS-downloader.exe:Blizzard Downloader
"{CD9771EE-1BF6-4276-AA79-BD0ADE0925F2}"= UDP:3724:Blizzard Downloader: 3724
"TCP Query User{FDB37ED4-50EB-46A9-B7E9-D08C7A0C0926}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= UDP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{887D3A74-B683-4B4C-8368-B2E36487C84D}c:\\users\\public\\games\\world of warcraft\\launcher.exe"= TCP:c:\users\public\games\world of warcraft\launcher.exe:Blizzard Launcher
"{4B977CBD-9D0A-437A-B332-194B81E186DB}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A8C3A3F1-7F50-4185-A4CF-9E5A458F305F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [03/09/2006 10:32 AM 208896]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [10/05/2006 9:13 AM 29696]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\System32\drivers\IcdUsb2.sys [28/01/2009 9:58 PM 39048]
S3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 10:31 PM 29263712]
.
Contents of the 'Scheduled Tasks' folder

2009-05-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-10 00:53]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=74&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Mustafa\AppData\Roaming\Mozilla\Firefox\Profiles\xksa0lcj.default\
FF - prefs.js: browser.startup.homepage - msn.com
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Mustafa\Program Files\DNA\plugins\npbtdna.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-25 06:35
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Hotspot Shield\bin\openvpnas.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\windows\System32\schtasks.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
.
**************************************************************************
.
Completion time: 2009-05-25 6:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-25 13:39
ComboFix2.txt 2009-05-25 01:29
ComboFix3.txt 2008-02-16 17:51

Pre-Run: 208,831,164,416 bytes free
Post-Run: 208,821,346,304 bytes free

328 --- E O F --- 2009-05-21 19:23
Upload was successful



And here is the Trend Micro RootkitBuster log:



+----------------------------------------------------
| Trend Micro RootkitBuster
| Module version: 2.52.0.1013
+----------------------------------------------------


--== Dump Hidden MBR and Hidden File on C:\ ==--
No hidden files found.

--== Dump Hidden Registry Value on HKLM ==--
No hidden registry entries found.


--== Dump Hidden Process ==--
No hidden processes found.

--== Dump Hidden Driver ==--
No hidden drivers found.
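
For anyone triaging a log like the one above, here is an added example (mine, not part of this thread and not code from ComboFix, HijackThis or Trend Micro) that reads lines in the same registry-dump format and flags the entries a helper usually checks first: Security Center values set to 1 (the posted log has them under "security center" and its Monitoring\Symantec* subkeys), and firewall exceptions or autoruns whose program sits under c:\users\<name>\desktop, \appdata\local\temp or a per-user Program Files folder, as several of the posted FirewallRules and Run entries do. The sample log inside the block is constructed, modelled on those entries; the list of user-writable locations and the severity labels are my assumptions, and a flag is a prompt to look, not a verdict (third-party AV suites set the Security Center keys legitimately, and games legitimately get firewall rules).

```python
"""Triage pass over ComboFix / HijackThis-style log lines.

Added example for this thread; it is not part of the original post and not
code from ComboFix, HijackThis or Trend Micro.  It reads lines in the
registry-dump format the posted log uses and flags entries a removal
helper would usually review first:
  * Security Center values that silence UAC / update / monitoring warnings
  * firewall exceptions or autoruns whose program lives in a location a
    standard user can write to (desktop, %TEMP%, a per-user "Program Files")
A flag is a review prompt, not a verdict: third-party AV suites set the
Security Center keys legitimately, and games get firewall rules legitimately.
The sample log at the bottom is constructed, modelled on the posted entries.
"""
import re

# Assumption: these per-user locations are treated as user-writable.
USER_WRITABLE = re.compile(
    r"c:\\users\\[^\\]+\\(desktop|appdata\\local\\temp|program files)\\",
    re.IGNORECASE,
)

# Security Center values that, when set to 1, suppress the OS's own warnings.
SC_NOTIFY_KEYS = {
    "UacDisableNotify", "InternetSettingsDisableNotify",
    "AutoUpdateDisableNotify", "DisableMonitoring",
}

SECTION_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')
# Program path in a firewall-rule value: after an optional "TCP:"/"UDP:"
# (or "Disabled:UDP:") prefix, a drive path ending in .exe, then ':' + name.
FW_PATH_RE = re.compile(r"(?:^|:)(?P<path>[a-z]:\\[^:]+?\.exe)(?::|$)", re.IGNORECASE)
# Program path in a Run-key value: "c:\...\foo.exe" [date size]
RUN_PATH_RE = re.compile(r'^"?(?P<path>[a-z]:\\[^"\[]+?)"?\s*(?:\[|$)', re.IGNORECASE)


def _is_one(value):
    """True for 'dword:00000001', '1' or '1 (0x1)', the forms ComboFix renders."""
    v = value.strip().lower()
    if v.startswith("dword:"):
        return int(v[6:], 16) == 1
    return v.split()[0] == "1"


def triage(lines):
    """Return (severity, section, value_name, reason) tuples in log order."""
    findings = []
    section = ""
    for raw in lines:
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), m.group("value")
        sec_l = section.lower()

        if "security center" in sec_l and name in SC_NOTIFY_KEYS:
            if _is_one(value):
                findings.append(("medium", section, name,
                                 "Security Center warning/monitoring disabled"))
        elif "firewallpolicy" in sec_l:
            pm = FW_PATH_RE.search(value)
            if pm and USER_WRITABLE.search(pm.group("path")):
                findings.append(("medium", section, name,
                                 "firewall exception for user-writable path " + pm.group("path")))
        elif sec_l.endswith("currentversion\\run") or sec_l.endswith("currentversion\\runonce"):
            pm = RUN_PATH_RE.match(value)
            if pm and USER_WRITABLE.search(pm.group("path")):
                findings.append(("low", section, name,
                                 "autorun from user-writable path " + pm.group("path")))
    return findings


# Constructed sample in the posted log's format (paths modelled on the thread).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"BitTorrent DNA"="c:\users\Mustafa\Program Files\DNA\btdna.exe" [2009-01-28 342848]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{64C49249-9616-44CF-8C51-228023E3788B}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{57B77FC3-FFF0-434F-BE52-9AFB4700D168}c:\\users\\mustafa\\desktop\\[antrix]chaosrepackv2\\antrix.exe"= UDP:c:\users\mustafa\desktop\[antrix]chaosrepackv2\antrix.exe:antrix.exe
"TCP Query User{1F3EA094-1998-4899-9180-BB90285AE9EA}c:\\users\\mustafa\\appdata\\local\\temp\\blizzard launcher temporary - 54b1b230\\launcher.exe"= UDP:c:\users\mustafa\appdata\local\temp\blizzard launcher temporary - 54b1b230\launcher.exe:launcher.exe
"{C449C751-CC0C-4F27-AF83-0AA4DF41EEA6}"= TCP:9442:127.0.0.1:Intel Viiv Media Server Discovery
"""

if __name__ == "__main__":
    for severity, section, name, reason in triage(SAMPLE_LOG.splitlines()):
        print(f"[{severity}] {name}: {reason}   ({section})")
```

Run against the constructed sample it reports five lines: the per-user btdna.exe autorun, the two Security Center values set to 1, and the two firewall exceptions for programs on the desktop and in %TEMP%; the Sidebar autorun, the AutoUpdate value set to 0, the LimeWire rule under Program Files and the port-only Intel rule are left alone. To use it on a real ComboFix log, pass the file's lines to triage() and read the findings alongside the rest of the log, not instead of it.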

#15 e-tech (Trusted Advisor, 1,891 posts)

Posted 25 May 2009 - 05:24 AM

Hello Bob_XXX_X

Please use Internet Explorer and run a BitDefender Online Scan from here
  • Please choose the I Agree button
  • You will need to allow an ActiveX install for the scan to run.
  • Leave the scanning options at default and click Start Scan
Please post the results in your next reply and let me know how your computer is performing now.

Best regards

e-tech

My fight is dedicated to the children with autism - please support and help these kids.

Our greatest glory is not in never falling but in rising every time we fall.
- Confucius


#16 Bob_XXX_X (Full Member, 47 posts)

Posted 25 May 2009 - 06:18 AM

It says Internet Explorer is not running as administrator, even though I'm on the admin account.

#17 e-tech (Trusted Advisor, 1,891 posts)

Posted 25 May 2009 - 06:24 AM

Please right-click and choose Run as Administrator.


#18 Bob_XXX_X (Full Member, 47 posts)

Posted 25 May 2009 - 03:02 PM

Alright, I got it to work. Here is the scan:


Statistics
  Time: 01:04:30
  Files: 371169
  Folders: 25626
  Boot Sectors: 0
  Archives: 4035
  Packed Files: 23479

Results
  Identified Viruses: 5
  Infected Files: 5
  Suspect Files: 0
  Warnings: 0
  Disinfected: 0
  Deleted Files: 5

Engines Info
  Virus Definitions: 3183998
  Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
  Scan plugins: 17
  Archive plugins: 45
  Unpack plugins: 7
  E-mail plugins: 6
  System plugins: 4

Scan Settings
  First Action: Disinfect
  Second Action: Delete
  Heuristics: Yes
  Enable Warnings: Yes
  Scanned Extensions: *;
  Exclude Extensions:
  Scan Emails: Yes
  Scan Archives: Yes
  Scan Packed: Yes
  Scan Files: Yes
  Scan Boot: Yes

Scanned File | Status
C:\Program Files\Mozilla Firefox\OblivionV305\zLoader.exe | Infected with: Trojan.Generic.1000837
C:\Program Files\Mozilla Firefox\OblivionV305\zLoader.exe | Deleted
C:\Program Files\Trend Micro\HijackThis\backups\backup-20081001-044458-686.dll | Detected with: Adware.Generic.29279
C:\Program Files\Trend Micro\HijackThis\backups\backup-20081001-044458-686.dll | Deleted
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe | Infected with: Trojan.Generic.1783429
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe | Deleted
C:\QooBox\Quarantine\[4]-Submit_2009-05-25_06.30.38.zip=>WPE PRO.exe | Infected with: Trojan.Generic.1609764
C:\QooBox\Quarantine\[4]-Submit_2009-05-25_06.30.38.zip=>WPE PRO.exe | Deleted
C:\QooBox\Quarantine\[4]-Submit_2009-05-25_06.30.38.zip | Updated
C:\QooBox\Quarantine\[4]-Submit_2009-05-25_06.30.38.zip=>WpeSpy.dll | Infected with: Trojan.Generic.1642088
C:\QooBox\Quarantine\[4]-Submit_2009-05-25_06.30.38.zip=>WpeSpy.dll | Deleted
C:\QooBox\Quarantine\[4]-Submit_2009-05-25_06.30.38.zip | Updated

Edited by Bob_XXX_X, 27 May 2009 - 01:45 PM.





Member of UNITE
Support SpywareInfo Forum