extra slow pc, duplicating trojan, not sure what else


Post by anatashamy on 10th January 2010, 2:59 pm

First off... thank you. I'm glad I found this site. I'm a try-to-fix-it-yourself-and-hope-you-don't-crash-the-PC person. Mostly because it's my only option. Until now. I really appreciate any help you have for me. THANKS.
Norton did find a duplicating trojan that I have to remove, but I forgot the name of it. It said to run a removal program and it would be fixed, so I'm trying to go through any steps I find on your site to update everything and run some removal programs.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:31 AM, on 1/10/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\sttray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Users\qcd\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\Java\jre1.6.0\bin\javaw.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\qcd\Desktop\winlogon.scr

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: (no name) - {D6F180CB-E683-41a3-8CD2-C53DBAA0530D} - (no file)
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [MMTray] C:\PROGRA~1\MUSICM~1\MUSICM~2\mm_tray.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Easy Dock] C:\Users\qcd\Documents\RCA EasyRip\EZDock.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: CNET TechTracker.lnk = C:\Users\qcd\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
O4 - Startup: RCA Detective.lnk = C:\Users\qcd\Documents\RCA Detective\RCADetective.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Display All Images with Full Quality - [You must be registered and logged in to see this link.] Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - [You must be registered and logged in to see this link.] Files\NetZero\qsacc\appres.dll/227
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.netzero.com
O15 - Trusted Zone: *.netzero.net
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {E5168F0C-8591-11D4-BCDF-006008B7FEA4} (PWLNINST Control) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{5255826D-14B2-4527-97D2-8E29D6DE7898}: NameServer = 64.136.52.73 64.136.44.73
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CarboniteService - Carbonite, Inc. ([You must be registered and logged in to see this link.] - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12169 bytes


Re: extra slow pc, duplicating trojan, not sure what else

Post by Belahzur on 10th January 2010, 7:21 pm

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


Please PM me if I fail to respond within 24hrs.



combofix txt

Post by anatashamy on 11th January 2010, 6:55 pm

ComboFix 10-01-04.01 - qcd 01/11/2010 10:33:44.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.958.394 [GMT -5:00]
Running from: c:\users\qcd\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Norton Internet Security Online *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security Online *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: AVG Anti-Virus Free *enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Norton Internet Security Online *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2282408542-3759090798-812850881-500
c:\users\qcd\AppData\Roaming\DriveCleaner Freeware
c:\users\qcd\AppData\Roaming\DriveCleaner Freeware\Logs\update.log
c:\windows\unins000.dat
c:\windows\unins000.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-11 to 2010-01-11 )))))))))))))))))))))))))))))))
.

2010-01-11 15:48 . 2010-01-11 15:51 -------- d-----w- c:\users\qcd\AppData\Local\temp
2010-01-11 15:48 . 2010-01-11 15:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-11 15:22 . 2010-01-11 15:28 -------- d-----w- C:\32788R22FWJFW
2010-01-11 15:02 . 2010-01-11 15:02 -------- d-----w- C:\3cc9d163c2777a9edc50477e87
2010-01-11 14:56 . 2010-01-11 14:57 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2010-01-10 05:08 . 2010-01-10 05:08 -------- d-----w- c:\users\qcd\AppData\Roaming\funkitron
2010-01-10 04:56 . 2010-01-10 04:56 -------- d-----w- c:\program files\Yahoo! Games
2010-01-10 03:19 . 2010-01-10 03:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-09 18:26 . 2010-01-10 05:18 -------- d-----w- c:\users\qcd\.SunDownloadManager
2010-01-08 14:17 . 2010-01-08 14:17 -------- d-----r- c:\program files\Norton Support
2010-01-06 09:39 . 2008-07-27 18:00 96760 ----a-w- c:\windows\system32\dfshim.dll
2010-01-06 09:39 . 2008-07-27 18:00 282112 ----a-w- c:\windows\system32\mscoree.dll
2010-01-06 09:39 . 2008-07-27 18:00 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-01-06 09:37 . 2008-07-27 18:00 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-01-06 09:36 . 2008-07-27 18:00 83968 ----a-w- c:\windows\system32\mscories.dll
2010-01-06 04:13 . 2009-08-24 12:47 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-01-04 23:56 . 2010-01-04 23:55 25136 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2010-01-04 23:56 . 2010-01-04 23:56 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-01-04 23:56 . 2010-01-05 00:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-04 23:56 . 2010-01-04 23:56 -------- d-----w- c:\program files\Symantec
2010-01-04 23:54 . 2010-01-04 23:54 -------- d-----w- c:\windows\system32\drivers\NIS
2010-01-04 23:54 . 2010-01-04 23:54 -------- d-----w- c:\program files\Norton Internet Security
2010-01-04 23:54 . 2010-01-04 23:58 -------- d-----w- c:\programdata\Norton
2010-01-04 23:52 . 2010-01-04 23:52 -------- d-----w- c:\program files\NortonInstaller
2010-01-04 22:35 . 2010-01-04 22:35 -------- d-----w- c:\programdata\NortonInstaller
2010-01-04 18:08 . 2009-06-15 15:23 494592 ----a-w- c:\windows\system32\kerberos.dll
2010-01-04 18:08 . 2009-06-15 15:28 272384 ----a-w- c:\windows\system32\schannel.dll
2010-01-03 16:59 . 2009-10-27 15:05 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-03 13:09 . 2009-11-09 13:34 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-01-03 13:09 . 2009-11-09 13:30 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-01-03 13:09 . 2009-11-09 11:17 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-01-03 09:41 . 2009-08-29 03:41 1686528 ----a-w- c:\windows\system32\gameux.dll
2010-01-03 09:41 . 2009-08-29 03:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-03 09:41 . 2009-08-28 23:31 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-03 08:12 . 2009-08-31 15:16 428032 ----a-w- c:\windows\system32\EncDec.dll
2010-01-03 08:12 . 2009-08-31 15:21 292352 ----a-w- c:\windows\system32\psisdecd.dll
2010-01-03 08:12 . 2009-08-31 15:17 1244672 ----a-w- c:\windows\system32\mcmde.dll
2010-01-03 07:08 . 2009-09-10 15:29 311296 ----a-w- c:\windows\system32\unregmp2.exe
2010-01-03 07:08 . 2009-09-10 17:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-01-03 07:08 . 2009-09-10 17:40 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-01-03 07:08 . 2009-09-10 15:29 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2010-01-03 05:41 . 2009-07-14 13:02 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-01-03 05:23 . 2009-08-05 14:28 3467864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-01-03 05:23 . 2009-08-05 14:28 3502152 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-01-03 02:01 . 2009-09-10 17:38 216576 ----a-w- c:\windows\system32\msv1_0.dll
2010-01-03 02:01 . 2009-06-15 15:29 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-01-03 02:01 . 2009-06-15 15:23 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2010-01-03 02:01 . 2009-06-15 18:12 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-01-03 02:01 . 2009-06-15 15:28 72704 ----a-w- c:\windows\system32\secur32.dll
2010-01-03 02:01 . 2009-06-15 13:10 7680 ----a-w- c:\windows\system32\lsass.exe
2010-01-03 01:31 . 2009-03-03 04:20 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2010-01-03 01:31 . 2009-03-03 04:16 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-01-03 01:31 . 2009-03-03 04:19 549888 ----a-w- c:\windows\system32\rpcss.dll
2010-01-03 01:31 . 2009-03-03 01:59 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2010-01-03 01:31 . 2009-03-03 04:20 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2010-01-03 01:31 . 2009-03-03 02:40 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2010-01-03 01:31 . 2009-03-03 04:19 158720 ----a-w- c:\windows\system32\sdohlp.dll
2010-01-03 01:31 . 2009-03-03 04:19 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2010-01-03 01:31 . 2009-03-03 04:16 97280 ----a-w- c:\windows\system32\iasrecst.dll
2010-01-03 01:31 . 2009-03-03 04:16 37888 ----a-w- c:\windows\system32\iasdatastore.dll
2010-01-03 01:31 . 2009-03-03 04:16 53248 ----a-w- c:\windows\system32\iasads.dll
2010-01-03 01:16 . 2009-08-10 13:05 1406464 ----a-w- c:\windows\system32\msxml6.dll
2010-01-03 01:16 . 2009-08-10 13:05 1260032 ----a-w- c:\windows\system32\msxml3.dll
2010-01-03 01:16 . 2009-08-10 13:05 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-01-03 01:16 . 2009-08-10 13:05 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-01-03 01:16 . 2009-08-14 14:01 2031104 ----a-w- c:\windows\system32\win32k.sys
2010-01-02 23:38 . 2009-03-17 03:16 14848 ----a-w- c:\windows\system32\apilogen.dll
2010-01-02 23:38 . 2009-03-17 03:16 25600 ----a-w- c:\windows\system32\amxread.dll
2010-01-02 23:25 . 2009-06-10 12:07 2855424 ----a-w- c:\windows\system32\mf.dll
2010-01-02 23:25 . 2009-06-10 12:07 98816 ----a-w- c:\windows\system32\mfps.dll
2010-01-02 23:25 . 2009-06-10 10:15 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-01-02 23:25 . 2009-06-10 10:14 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2010-01-02 23:25 . 2009-06-10 08:50 2048 ----a-w- c:\windows\system32\mferror.dll
2010-01-02 23:11 . 2009-06-04 12:43 1871872 ----a-w- c:\windows\system32\mstscax.dll
2010-01-02 23:11 . 2009-06-04 12:47 36352 ----a-w- c:\windows\system32\tsgqec.dll
2010-01-02 23:11 . 2009-06-04 12:36 116736 ----a-w- c:\windows\system32\aaclient.dll
2010-01-02 22:48 . 2009-07-11 19:32 297984 ----a-w- c:\windows\system32\wlansec.dll
2010-01-02 22:48 . 2009-07-11 19:32 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2010-01-02 22:48 . 2009-07-11 19:26 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2010-01-02 22:48 . 2009-07-11 19:32 502272 ----a-w- c:\windows\system32\wlansvc.dll
2010-01-02 22:48 . 2009-07-11 19:32 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2010-01-02 22:48 . 2009-07-11 19:32 47104 ----a-w- c:\windows\system32\wlanapi.dll
2010-01-02 22:32 . 2009-04-23 12:56 696832 ----a-w- c:\windows\system32\localspl.dll
2010-01-02 22:17 . 2009-06-15 15:29 156160 ----a-w- c:\windows\system32\t2embed.dll
2010-01-02 22:17 . 2009-06-15 15:22 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-02 22:17 . 2009-06-15 13:03 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-01-02 22:17 . 2009-06-15 15:23 24064 ----a-w- c:\windows\system32\lpk.dll
2010-01-02 22:17 . 2009-06-15 15:21 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-01-02 22:17 . 2009-06-15 15:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-01-02 22:16 . 2009-04-23 13:01 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2010-01-02 22:01 . 2008-06-05 04:50 30208 ----a-w- c:\windows\system32\xolehlp.dll
2010-01-02 22:01 . 2008-06-05 04:50 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2010-01-02 21:27 . 2009-09-04 12:38 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-01-02 19:24 . 2009-06-10 12:04 88576 ----a-w- c:\windows\system32\avifil32.dll
2010-01-02 19:24 . 2009-06-10 12:10 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-01-02 19:24 . 2009-06-10 12:07 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-01-02 19:24 . 2009-06-10 12:04 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-01-02 19:24 . 2009-06-10 12:10 31232 ----a-w- c:\windows\system32\msvidc32.dll
2010-01-02 19:24 . 2009-06-10 12:09 12800 ----a-w- c:\windows\system32\msrle32.dll
2010-01-02 19:21 . 2009-08-10 13:08 321536 ----a-w- c:\windows\system32\WSDApi.dll
2010-01-02 19:16 . 2009-04-02 11:50 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-01-02 15:53 . 2009-09-14 09:50 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-01-02 15:46 . 2009-10-07 12:47 232960 ----a-w- c:\windows\system32\rastls.dll
2010-01-02 15:46 . 2009-10-07 12:47 274432 ----a-w- c:\windows\system32\raschap.dll
2010-01-02 15:46 . 2009-06-10 12:16 156160 ----a-w- c:\windows\system32\wkssvc.dll
2010-01-02 14:48 . 2009-07-17 14:52 71680 ----a-w- c:\windows\system32\atl.dll
2010-01-02 13:36 . 2010-01-05 22:09 -------- d-----w- c:\users\qcd\AppData\Local\AIM
2010-01-02 13:36 . 2010-01-02 13:36 -------- d-----w- c:\programdata\AIM
2010-01-02 13:35 . 2010-01-02 13:35 -------- d-----w- c:\program files\AIM
2010-01-02 13:35 . 2010-01-02 13:35 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-01-01 13:49 . 2010-01-01 13:49 -------- d-----w- c:\users\qcd\AppData\Roaming\CBS Interactive
2010-01-01 04:16 . 2010-01-01 04:16 -------- d-----w- c:\users\qcd\AppData\Roaming\AVG8
2009-12-31 17:21 . 2009-11-03 01:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-31 14:36 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-12-31 14:36 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-12-31 14:36 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-12-31 14:36 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-12-31 14:35 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-12-31 14:35 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-12-31 14:35 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-12-31 14:34 . 2009-08-07 00:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-12-31 14:34 . 2009-08-06 23:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-12-29 21:35 . 2010-01-10 16:34 -------- d-----w- c:\program files\NetZero
2009-12-29 21:35 . 2010-01-02 16:19 -------- d-----w- c:\programdata\NetZero
2009-12-29 21:35 . 2010-01-10 16:34 -------- d-----w- C:\NetZeroInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-11 14:58 . 2007-09-01 19:03 -------- d-----w- c:\program files\Microsoft SQL Server
2010-01-10 16:33 . 2009-02-16 18:08 -------- d-----w- c:\program files\Big Kahuna Reef 2
2010-01-10 14:20 . 2007-06-06 14:11 -------- d-----w- c:\program files\Google
2010-01-10 03:16 . 2007-06-06 14:00 -------- d-----w- c:\program files\Java
2010-01-07 22:30 . 2007-09-01 15:32 4232 ----a-w- c:\users\qcd\AppData\Roaming\wklnhst.dat
2010-01-07 00:06 . 2007-09-01 18:56 -------- d-----w- c:\programdata\Microsoft Help
2010-01-06 15:11 . 2007-09-01 19:08 -------- d-----w- c:\users\qcd\AppData\Roaming\U3
2010-01-05 03:50 . 2007-09-05 00:00 -------- d-----w- c:\users\qcd\AppData\Roaming\Yahoo!
2010-01-05 01:57 . 2009-01-13 14:23 680 ----a-w- c:\users\qcd\AppData\Local\d3d9caps.dat
2010-01-04 23:56 . 2010-01-04 23:56 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-01-04 23:56 . 2010-01-04 23:56 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-01-04 23:55 . 2010-01-04 23:55 99376 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090217.022\ERASER.SYS
2010-01-04 23:55 . 2010-01-04 23:55 89104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090217.022\NAVENG.SYS
2010-01-04 23:55 . 2010-01-04 23:55 876112 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090217.022\NAVEX15.SYS
2010-01-04 23:55 . 2010-01-04 23:55 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090217.022\EECTRL.SYS
2010-01-04 23:55 . 2010-01-04 23:55 1294680 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2010-01-04 23:55 . 2010-01-04 23:55 136840 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2010-01-04 23:55 . 2010-01-04 23:55 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090217.022\NAVENG32.DLL
2010-01-04 23:55 . 2010-01-04 23:55 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090217.022\NAVEX32A.DLL
2010-01-04 23:54 . 2010-01-11 13:27 165240 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2010-01-04 23:54 . 2010-01-04 23:54 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090217.022\ECMSVR32.DLL
2010-01-04 23:54 . 2010-01-04 23:58 546160 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-01-04 23:54 . 2010-01-04 23:54 797432 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2010-01-04 23:54 . 2010-01-04 23:54 2393648 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090217.022\CCERASER.DLL
2010-01-04 04:24 . 2007-06-06 14:12 -------- d-----w- c:\program files\Microsoft Works
2010-01-03 13:54 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-02 14:53 . 2010-01-02 14:55 1126168 ----a-w- c:\programdata\avg8\update\backup\avgupd.exe
2010-01-02 14:53 . 2010-01-02 14:55 1471768 ----a-w- c:\programdata\avg8\update\backup\avgupd.dll
2010-01-02 14:53 . 2010-01-02 14:55 587032 ----a-w- c:\programdata\avg8\update\backup\avgiproxy.exe
2010-01-02 14:53 . 2010-01-02 14:55 758040 ----a-w- c:\programdata\avg8\update\backup\avginet.dll
2010-01-02 13:34 . 2007-09-01 19:07 -------- d-----w- c:\program files\Common Files\AOL
2010-01-01 20:42 . 2009-02-12 22:29 -------- d-----w- c:\program files\Tracker Software
2010-01-01 13:49 . 2010-01-01 13:49 100096 ----a-w- c:\users\qcd\AppData\Roaming\CBS Interactive\CNET TechTracker\uninst.exe
2009-12-31 20:39 . 2009-12-31 20:39 658184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-30 21:07 . 2009-02-12 22:26 -------- d-----w- c:\program files\wellgames
2009-12-30 19:42 . 2009-12-30 19:42 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-12-30 15:35 . 2009-02-12 22:20 -------- d-----w- c:\program files\PartyGaming
2009-12-30 15:18 . 2009-02-10 17:27 -------- d-----w- c:\program files\Cat Slots
2009-12-30 15:14 . 2009-02-10 16:09 -------- d-----w- c:\program files\3C Texas Holdem Poker
2009-11-05 20:06 . 2009-11-05 20:06 1108992 ----a-w- c:\users\qcd\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
2009-10-27 15:01 . 2010-01-03 16:58 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-10-27 15:01 . 2010-01-03 16:58 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 15:01 . 2010-01-03 16:58 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll
2009-10-27 14:59 . 2010-01-03 16:58 72704 ----a-w- c:\windows\system32\admparse.dll
2009-10-27 12:27 . 2010-01-03 16:58 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-27 10:56 . 2010-01-03 16:58 48128 ----a-w- c:\windows\system32\mshtmler.dll
2007-06-06 21:44 . 2007-06-06 21:43 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2009-01-07 18:51 1880600 ----a-w- c:\program files\MyPlayCity\tbMyPl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyPl.dll" [2009-01-07 1880600]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyPl.dll" [2009-01-07 1880600]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2008-10-01 03:25 527304 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2008-10-01 03:25 527304 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2008-10-01 03:25 527304 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-12 446976]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-05-14 785520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-22 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"NetZero_uoltray"="c:\program files\NetZero\exec.exe" [2009-03-19 1720832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-09-01 1006264]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-08 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-08 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-08 81920]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"MMTray"="c:\progra~1\MUSICM~1\MUSICM~2\mm_tray.exe" [2005-05-03 135168]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-05 1601304]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Easy Dock"="c:\users\qcd\Documents\RCA EasyRip\EZDock.exe" [2008-05-14 536576]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2008-10-01 600008]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-10 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-22 68856]

c:\users\qcd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CNET TechTracker.lnk - c:\users\qcd\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe [2009-11-5 1108992]
RCA Detective.lnk - c:\users\qcd\Documents\RCA Detective\RCADetective.exe [2008-8-6 1070080]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-6-6 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1000000.07D\SymEFA.sys [1/4/2010 6:55 PM 309296]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [5/14/2008 8:30 AM 325128]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1000000.07D\BHDrvx86.sys [1/4/2010 6:55 PM 254512]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1000000.07D\ccHPx86.sys [1/4/2010 6:55 PM 362544]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSvix86.sys [1/10/2010 6:30 PM 343088]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/5/2009 9:41 AM 298264]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [1/4/2010 6:55 PM 115560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/25/2007 10:48 AM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/4/2010 6:55 PM 99376]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\NIS\1000000.07D\symndisv.sys [1/4/2010 6:55 PM 40496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;cf.netzero.net;qs.netzero.net;*.quicken.com;*.pogo.com;*.mail.yahoo.com;*.aolcdn.com;*.yimg.com;
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Display All Images with Full Quality - c:\program files\NetZero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\NetZero\qsacc\appres.dll/227
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: netzero.com
Trusted Zone: netzero.net
FF - ProfilePath - c:\users\qcd\AppData\Roaming\Mozilla\Firefox\Profiles\xjkg16md.default\
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\users\qcd\AppData\Roaming\Mozilla\Firefox\Profiles\xjkg16md.default\extensions\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}\components\FFAlert.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
AddRemove-Spybot - Search & Destroy_is1 - c:\windows\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2010-01-11 10:50
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-01-11 11:00:42
ComboFix-quarantined-files.txt 2010-01-11 16:00

Pre-Run: 155,693,477,888 bytes free
Post-Run: 156,775,383,040 bytes free

- - End Of File - - 6B832E739D7633A2AA60B2F21172F638

anatashamy
Novice

Posts: 7
Joined: 2010-01-08
OS: windows vista
Points: 25339
Likes: 0


Re: extra slow pc, duplicating trojan, not sure what else

Post by Belahzur on 11th January 2010, 8:59 pm

Hello.

  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section".
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245091
Likes: 1


Re: extra slow pc, duplicating trojan, not sure what else

Post by anatashamy on 11th January 2010, 11:16 pm

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Flash Player 10 Plugin
AIM 7
Ancient Seal
AOL Install
Apple Mobile Device Support
Apple Software Update
Ares 2.1.1
AVG Free 8.5
AVG Online Backup
Axara Mobile Tools 1.2.0
Bonjour
Boogle Supreme (remove only)
Canon ScanGear Toolbox CS 2.2
Comcast High-Speed Internet Install Wizard
Conexant D850 PCI V.92 Modem
Crossword Compiler 8 Demo
Crossword Forge 5.5.5
Cruise Ship Tycoon
Dell Support Center (Support Software)
Dell System Customization Wizard
DellSupport
Digital Line Detect
Download Updater (AOL LLC)
DX-Ball 1.09
EarthLink Setup Files
Fish Tycoon
Games, Music, & Photos Launcher
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Google Gmail Notifier
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Insaniquarium Deluxe
Internet Service Offers Launcher
iTunes
Java(TM) 6 Update 17
Java(TM) SE Runtime Environment 6
Mayan Maze
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Works
MobileMe Control Panel
Modem Diagnostic Tool
Motorola Driver Installation 3.4.0
Mozilla Firefox (3.0.6)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Musicmatch® Jukebox
MyPlayCity Toolbar
Mystery Words
Name-That-Toon
NetWaiting
NetZero Connection Wizard
NetZero Internet
Norton Internet Security
NVIDIA Drivers
Opera
Peggle Deluxe
PLATO Web Learning Network Clients
Product Documentation Launcher
QuickTime
RCA Detective 1.0.0.96
RCA EasyRip™ 1.4.2.0
Rightdown Software - Toolbar
Rocket Power Big Air Mountain (remove only)
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Safari
Samsung USB Driver
Sarmsoft Resume Builder
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Shockwave
SigmaTel Audio
Sonic Activation Module
Spybot - Search & Destroy
Super Text Twist
The Print Shop 20
The Weather Channel Desktop 6
Trillian
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb976884)
URL Assistant
User's Guides
Viewpoint Media Player
'WE' Group Krakout
Weather Services
Windows Live installer
Windows Live Mail
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
Windows Mobile Resources
WISCO Computing Crossword Power 9.01
Word Link 2.0
Word Twist
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Toolbar
Zoo Tycoon 2 Trial Version
Zuma Deluxe


Re: extra slow pc, duplicating trojan, not sure what else

Post by Belahzur on 12th January 2010, 1:38 am

Hello.

You are running two antivirus programs; I see from the uninstall list you have Norton installed, along with AVG. This is a bad idea as they can conflict and cause more problems. I would recommend that you remove Norton to avoid conflict and other future problems.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight the following:

    Ares 2.1.1
    AVG Free 8.5
    AVG Online Backup
    Java(TM) SE Runtime Environment 6
    Viewpoint Media Player

  • Click on the Uninstall/Change button at the top.

Next,

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad and copy/paste the text in the quote box below into it:

    RegLock::
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Please PM me if I fail to respond within 24hrs.


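The check behind the two-antivirus observation above can be automated. The script below is an added example, not part of the original posts and not ComboFix's own code: it parses Security Center header lines and driver/service lines copied from the ComboFix logs in this thread and reports when more than one antivirus vendor has running components. The vendor keyword table and all function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines copied from the two ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
AV: Norton Internet Security Online *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security Online *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Norton Internet Security Online *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1000000.07D\SymEFA.sys [1/4/2010 6:55 PM 309296]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [5/14/2008 8:30 AM 325128]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1000000.07D\BHDrvx86.sys [1/4/2010 6:55 PM 254512]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/5/2009 9:41 AM 298264]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [1/4/2010 6:55 PM 115560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/25/2007 10:48 AM 24652]
"""

# Header line: "<AV|FW|SP>: <product> *<state>* [(Outdated|Updated)] {GUID}"
SEC_RE = re.compile(
    r"^(?P<kind>AV|FW|SP): (?P<product>.+?) \*(?P<state>[^*]+)\*"
    r"(?: \((?P<defs>Outdated|Updated)\))? \{(?P<guid>[0-9A-Fa-f-]{36})\}$"
)

# Driver/service line: "<R|S><digit> <name>;<display name>;<image path> [<date> <size>]"
# Conventional reading: R = running, S = stopped; the digit is the service
# start type (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled).
SVC_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<stamp>[^\]]+) (?P<size>\d+)\]$"
)

# Assumption: keywords chosen for the products seen in this thread,
# not a complete list of antivirus vendors.
VENDOR_PATTERNS = {
    "AVG": re.compile(r"\bavg", re.I),
    "Symantec/Norton": re.compile(r"symantec|norton", re.I),
}


def parse(log, pattern):
    """Return one dict per line of `log` that matches `pattern`."""
    rows = []
    for line in log.splitlines():
        match = pattern.match(line.strip())
        if match:
            rows.append(match.groupdict())
    return rows


def vendor_of(text):
    """Return the first vendor whose keyword appears in `text`, else None."""
    for vendor, pattern in VENDOR_PATTERNS.items():
        if pattern.search(text):
            return vendor
    return None


def running_by_vendor(log):
    """Map vendor -> parsed service rows that are in the running state."""
    found = defaultdict(list)
    for svc in parse(log, SVC_RE):
        vendor = vendor_of(svc["display"] + " " + svc["path"])
        if vendor and svc["state"] == "R":
            found[vendor].append(svc)
    return dict(found)


def triage(log):
    """Summarise overlapping and stale security products in a ComboFix log."""
    security_center = parse(log, SEC_RE)
    running = running_by_vendor(log)
    return {
        # More than one vendor with running components means overlap.
        "running_vendors": sorted(running),
        "overlap": len(running) > 1,
        # Products the Security Center reports with outdated definitions.
        "outdated": [(e["kind"], e["product"])
                     for e in security_center if e["defs"] == "Outdated"],
        # Running kernel drivers (.sys images) per vendor.
        "kernel_drivers": {
            vendor: [s["name"] for s in rows if s["path"].lower().endswith(".sys")]
            for vendor, rows in running.items()
        },
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Running it on a full ComboFix.txt only requires passing the file's text to `triage`; lines that match neither pattern are ignored.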

combofix txt Had to reboot to get into anything but I got it :)

Post by anatashamy on 12th January 2010, 4:43 am

ComboFix 10-01-04.01 - qcd 01/11/2010 22:48:08.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.958.365 [GMT -5:00]
Running from: c:\users\qcd\Desktop\ComboFix.exe
Command switches used :: c:\users\qcd\Desktop\CFscript.txt
AV: Norton Internet Security Online *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security Online *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Norton Internet Security Online *disabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-12-12 to 2010-01-12 )))))))))))))))))))))))))))))))
.

2010-01-12 03:59 . 2010-01-12 03:59 -------- d-----w- c:\users\qcd\AppData\Local\temp
2010-01-12 03:59 . 2010-01-12 03:59 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-12 03:59 . 2010-01-12 03:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-12 03:44 . 2010-01-12 03:45 -------- d-----w- C:\32788R22FWJFW
2010-01-12 03:38 . 2010-01-04 23:54 165240 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2010-01-11 14:56 . 2010-01-11 14:57 -------- d-----w- c:\windows\SQL9_KB970892_ENU
2010-01-10 23:31 . 2009-12-31 02:48 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\Scxpx86.dll
2010-01-10 23:31 . 2009-12-31 02:48 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSXpx86.sys
2010-01-10 23:30 . 2009-12-31 02:48 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSxpx86.dll
2010-01-10 23:30 . 2009-12-31 02:48 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSvix86.sys
2010-01-10 23:29 . 2009-12-31 02:48 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSviA64.sys
2010-01-10 05:08 . 2010-01-10 05:08 -------- d-----w- c:\users\qcd\AppData\Roaming\funkitron
2010-01-10 03:19 . 2010-01-10 03:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-09 18:26 . 2010-01-10 05:18 -------- d-----w- c:\users\qcd\.SunDownloadManager
2010-01-09 06:15 . 2009-12-31 02:48 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\Scxpx86.dll
2010-01-09 06:15 . 2009-12-31 02:48 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSxpx86.dll
2010-01-09 06:15 . 2009-12-31 02:48 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSXpx86.sys
2010-01-09 06:15 . 2009-12-31 02:48 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSviA64.sys
2010-01-09 06:15 . 2009-12-31 02:48 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091230.004\IDSvix86.sys
2010-01-08 14:17 . 2010-01-08 14:17 -------- d-----r- c:\program files\Norton Support
2010-01-06 09:39 . 2008-07-27 18:00 96760 ----a-w- c:\windows\system32\dfshim.dll
2010-01-06 09:39 . 2008-07-27 18:00 282112 ----a-w- c:\windows\system32\mscoree.dll
2010-01-06 09:39 . 2008-07-27 18:00 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-01-06 09:37 . 2008-07-27 18:00 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-01-06 09:36 . 2008-07-27 18:00 83968 ----a-w- c:\windows\system32\mscories.dll
2010-01-06 04:13 . 2009-08-24 12:47 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-01-04 23:58 . 2010-01-04 23:54 546160 ----a-r- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
2010-01-04 23:56 . 2010-01-04 23:55 25136 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2010-01-04 23:56 . 2010-01-04 23:56 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-01-04 23:56 . 2010-01-05 00:03 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-04 23:56 . 2010-01-04 23:56 -------- d-----w- c:\program files\Symantec
2010-01-04 23:55 . 2010-01-04 23:55 99376 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090217.022\ERASER.SYS
2010-01-04 23:55 . 2010-01-04 23:55 89104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090217.022\NAVENG.SYS
2010-01-04 23:55 . 2010-01-04 23:55 876112 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090217.022\NAVEX15.SYS
2010-01-04 23:55 . 2010-01-04 23:55 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090217.022\EECTRL.SYS
2010-01-04 23:55 . 2009-12-31 02:48 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2010-01-04 23:55 . 2009-12-31 02:48 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2010-01-04 23:55 . 2009-12-31 02:48 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2010-01-04 23:55 . 2010-01-04 23:55 1294680 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2010-01-04 23:55 . 2009-12-31 02:48 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2010-01-04 23:55 . 2010-01-04 23:55 136840 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2010-01-04 23:55 . 2010-01-04 23:55 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090217.022\NAVENG32.DLL
2010-01-04 23:55 . 2010-01-04 23:55 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090217.022\NAVEX32A.DLL
2010-01-04 23:54 . 2010-01-04 23:54 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090217.022\ECMSVR32.DLL
2010-01-04 23:54 . 2009-12-31 02:48 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2010-01-04 23:54 . 2010-01-04 23:54 797432 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2010-01-04 23:54 . 2010-01-04 23:54 2393648 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090217.022\CCERASER.DLL
2010-01-04 23:54 . 2010-01-04 23:54 -------- d-----w- c:\windows\system32\drivers\NIS
2010-01-04 23:54 . 2010-01-04 23:54 -------- d-----w- c:\program files\Norton Internet Security
2010-01-04 23:54 . 2010-01-04 23:58 -------- d-----w- c:\programdata\Norton
2010-01-04 23:52 . 2010-01-04 23:52 -------- d-----w- c:\program files\NortonInstaller
2010-01-04 22:35 . 2010-01-04 22:35 -------- d-----w- c:\programdata\NortonInstaller
2010-01-04 18:08 . 2009-06-15 15:23 494592 ----a-w- c:\windows\system32\kerberos.dll
2010-01-04 18:08 . 2009-06-15 15:28 272384 ----a-w- c:\windows\system32\schannel.dll
2010-01-03 16:59 . 2009-10-27 15:05 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-03 13:09 . 2009-11-09 13:34 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-01-03 13:09 . 2009-11-09 13:30 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-01-03 13:09 . 2009-11-09 11:17 396800 ----a-w- c:\windows\system32\drivers\http.sys
2010-01-03 09:41 . 2009-08-29 03:41 1686528 ----a-w- c:\windows\system32\gameux.dll
2010-01-03 09:41 . 2009-08-29 03:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-03 09:41 . 2009-08-28 23:31 4247552 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-03 08:12 . 2009-08-31 15:16 428032 ----a-w- c:\windows\system32\EncDec.dll
2010-01-03 08:12 . 2009-08-31 15:21 292352 ----a-w- c:\windows\system32\psisdecd.dll
2010-01-03 08:12 . 2009-08-31 15:17 1244672 ----a-w- c:\windows\system32\mcmde.dll
2010-01-03 07:08 . 2009-09-10 15:29 311296 ----a-w- c:\windows\system32\unregmp2.exe
2010-01-03 07:08 . 2009-09-10 17:39 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-01-03 07:08 . 2009-09-10 17:40 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-01-03 07:08 . 2009-09-10 15:29 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2010-01-03 05:41 . 2009-07-14 13:02 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-01-03 05:23 . 2009-08-05 14:28 3467864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-01-03 05:23 . 2009-08-05 14:28 3502152 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-01-03 02:01 . 2009-09-10 17:38 216576 ----a-w- c:\windows\system32\msv1_0.dll
2010-01-03 02:01 . 2009-06-15 15:29 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-01-03 02:01 . 2009-06-15 15:23 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2010-01-03 02:01 . 2009-06-15 18:12 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-01-03 02:01 . 2009-06-15 15:28 72704 ----a-w- c:\windows\system32\secur32.dll
2010-01-03 02:01 . 2009-06-15 13:10 7680 ----a-w- c:\windows\system32\lsass.exe
2010-01-03 01:31 . 2009-03-03 04:20 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2010-01-03 01:31 . 2009-03-03 04:16 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-01-03 01:31 . 2009-03-03 04:19 549888 ----a-w- c:\windows\system32\rpcss.dll
2010-01-03 01:31 . 2009-03-03 01:59 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2010-01-03 01:31 . 2009-03-03 04:20 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2010-01-03 01:31 . 2009-03-03 02:40 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2010-01-03 01:31 . 2009-03-03 04:19 158720 ----a-w- c:\windows\system32\sdohlp.dll
2010-01-03 01:31 . 2009-03-03 04:19 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2010-01-03 01:31 . 2009-03-03 04:16 97280 ----a-w- c:\windows\system32\iasrecst.dll
2010-01-03 01:31 . 2009-03-03 04:16 37888 ----a-w- c:\windows\system32\iasdatastore.dll
2010-01-03 01:31 . 2009-03-03 04:16 53248 ----a-w- c:\windows\system32\iasads.dll
2010-01-03 01:16 . 2009-08-10 13:05 1406464 ----a-w- c:\windows\system32\msxml6.dll
2010-01-03 01:16 . 2009-08-10 13:05 1260032 ----a-w- c:\windows\system32\msxml3.dll
2010-01-03 01:16 . 2009-08-10 13:05 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-01-03 01:16 . 2009-08-10 13:05 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-01-03 01:16 . 2009-08-14 14:01 2031104 ----a-w- c:\windows\system32\win32k.sys
2010-01-02 23:38 . 2009-03-17 03:16 14848 ----a-w- c:\windows\system32\apilogen.dll
2010-01-02 23:38 . 2009-03-17 03:16 25600 ----a-w- c:\windows\system32\amxread.dll
2010-01-02 23:25 . 2009-06-10 12:07 2855424 ----a-w- c:\windows\system32\mf.dll
2010-01-02 23:25 . 2009-06-10 12:07 98816 ----a-w- c:\windows\system32\mfps.dll
2010-01-02 23:25 . 2009-06-10 10:15 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-01-02 23:25 . 2009-06-10 10:14 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2010-01-02 23:25 . 2009-06-10 08:50 2048 ----a-w- c:\windows\system32\mferror.dll
2010-01-02 23:11 . 2009-06-04 12:43 1871872 ----a-w- c:\windows\system32\mstscax.dll
2010-01-02 23:11 . 2009-06-04 12:47 36352 ----a-w- c:\windows\system32\tsgqec.dll
2010-01-02 23:11 . 2009-06-04 12:36 116736 ----a-w- c:\windows\system32\aaclient.dll
2010-01-02 22:48 . 2009-07-11 19:32 297984 ----a-w- c:\windows\system32\wlansec.dll
2010-01-02 22:48 . 2009-07-11 19:32 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2010-01-02 22:48 . 2009-07-11 19:26 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2010-01-02 22:48 . 2009-07-11 19:32 502272 ----a-w- c:\windows\system32\wlansvc.dll
2010-01-02 22:48 . 2009-07-11 19:32 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2010-01-02 22:48 . 2009-07-11 19:32 47104 ----a-w- c:\windows\system32\wlanapi.dll
2010-01-02 22:32 . 2009-04-23 12:56 696832 ----a-w- c:\windows\system32\localspl.dll
2010-01-02 22:17 . 2009-06-15 15:29 156160 ----a-w- c:\windows\system32\t2embed.dll
2010-01-02 22:17 . 2009-06-15 15:22 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-02 22:17 . 2009-06-15 13:03 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-01-02 22:17 . 2009-06-15 15:23 24064 ----a-w- c:\windows\system32\lpk.dll
2010-01-02 22:17 . 2009-06-15 15:21 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-01-02 22:17 . 2009-06-15 15:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-01-02 22:16 . 2009-04-23 13:01 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2010-01-02 22:01 . 2008-06-05 04:50 30208 ----a-w- c:\windows\system32\xolehlp.dll
2010-01-02 22:01 . 2008-06-05 04:50 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2010-01-02 21:27 . 2009-09-04 12:38 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-01-02 19:24 . 2009-06-10 12:04 88576 ----a-w- c:\windows\system32\avifil32.dll
2010-01-02 19:24 . 2009-06-10 12:10 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-01-02 19:24 . 2009-06-10 12:07 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-01-02 19:24 . 2009-06-10 12:04 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-01-02 19:24 . 2009-06-10 12:10 31232 ----a-w- c:\windows\system32\msvidc32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-12 03:28 . 2008-05-10 17:51 -------- d-----w- c:\programdata\avg8
2010-01-12 02:40 . 2007-09-01 19:07 -------- d-----w- c:\programdata\Viewpoint
2010-01-11 14:58 . 2007-09-01 19:03 -------- d-----w- c:\program files\Microsoft SQL Server
2010-01-10 16:33 . 2009-02-16 18:08 -------- d-----w- c:\program files\Big Kahuna Reef 2
2010-01-10 14:20 . 2007-06-06 14:11 -------- d-----w- c:\program files\Google
2010-01-10 03:16 . 2007-06-06 14:00 -------- d-----w- c:\program files\Java
2010-01-07 22:30 . 2007-09-01 15:32 4232 ----a-w- c:\users\qcd\AppData\Roaming\wklnhst.dat
2010-01-07 00:06 . 2007-09-01 18:56 -------- d-----w- c:\programdata\Microsoft Help
2010-01-06 15:11 . 2007-09-01 19:08 -------- d-----w- c:\users\qcd\AppData\Roaming\U3
2010-01-05 03:50 . 2007-09-05 00:00 -------- d-----w- c:\users\qcd\AppData\Roaming\Yahoo!
2010-01-05 01:57 . 2009-01-13 14:23 680 ----a-w- c:\users\qcd\AppData\Local\d3d9caps.dat
2010-01-04 23:56 . 2010-01-04 23:56 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-01-04 23:56 . 2010-01-04 23:56 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-01-04 04:24 . 2007-06-06 14:12 -------- d-----w- c:\program files\Microsoft Works
2010-01-03 13:54 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-02 13:34 . 2007-09-01 19:07 -------- d-----w- c:\program files\Common Files\AOL
2010-01-01 20:42 . 2009-02-12 22:29 -------- d-----w- c:\program files\Tracker Software
2009-12-30 21:07 . 2009-02-12 22:26 -------- d-----w- c:\program files\wellgames
2009-12-30 15:35 . 2009-02-12 22:20 -------- d-----w- c:\program files\PartyGaming
2009-12-30 15:18 . 2009-02-10 17:27 -------- d-----w- c:\program files\Cat Slots
2009-12-30 15:14 . 2009-02-10 16:09 -------- d-----w- c:\program files\3C Texas Holdem Poker
2009-11-05 20:06 . 2009-11-05 20:06 1108992 ----a-w- c:\users\qcd\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
2009-10-27 15:01 . 2010-01-03 16:58 56320 ----a-w- c:\windows\system32\iesetup.dll
2009-10-27 15:01 . 2010-01-03 16:58 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-27 15:01 . 2010-01-03 16:58 52736 ----a-w- c:\windows\AppPatch\iebrshim.dll
2009-10-27 14:59 . 2010-01-03 16:58 72704 ----a-w- c:\windows\system32\admparse.dll
2009-10-27 12:27 . 2010-01-03 16:58 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-27 10:56 . 2010-01-03 16:58 48128 ----a-w- c:\windows\system32\mshtmler.dll
2007-06-06 21:44 . 2007-06-06 21:43 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-06-06 14:22 . 2010-01-12 03:40 72106 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-01-12 03:41 75000 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-09-01 14:26 . 2010-01-12 03:41 12228 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2282408542-3759090798-812850881-1000_UserData.bin
+ 2007-09-01 12:38 . 2010-01-12 03:38 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-09-01 12:38 . 2010-01-11 13:26 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-09-01 12:38 . 2010-01-11 13:26 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-09-01 12:38 . 2010-01-12 03:38 65536 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-09-01 12:38 . 2010-01-12 03:38 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2007-09-01 12:38 . 2010-01-11 13:26 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-16 18:05 . 2010-01-11 13:31 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-16 18:05 . 2010-01-12 03:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-03 19:18 . 2010-01-10 23:59 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-03 19:18 . 2010-01-11 19:05 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-03 19:18 . 2010-01-11 19:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-01-03 19:18 . 2010-01-10 23:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-01-03 19:18 . 2010-01-10 23:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2010-01-03 19:18 . 2010-01-11 19:05 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2008-06-16 18:05 . 2010-01-12 03:39 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-16 18:05 . 2010-01-11 13:31 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-16 18:05 . 2010-01-11 13:31 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-16 18:05 . 2010-01-12 03:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-09-17 02:43 . 2010-01-12 03:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-09-17 02:43 . 2010-01-11 13:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-09-17 02:43 . 2010-01-12 03:38 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-09-17 02:43 . 2010-01-11 13:27 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-09-17 02:43 . 2010-01-11 13:27 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-09-17 02:43 . 2010-01-12 03:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-11 13:26 . 2010-01-11 13:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-01-12 03:38 . 2010-01-12 03:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-01-12 03:38 . 2010-01-12 03:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-01-11 13:26 . 2010-01-11 13:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2009-01-07 18:51 1880600 ----a-w- c:\program files\MyPlayCity\tbMyPl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyPl.dll" [2009-01-07 1880600]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyPl.dll" [2009-01-07 1880600]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-12 446976]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2008-05-14 785520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-22 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"NetZero_uoltray"="c:\program files\NetZero\exec.exe" [2009-03-19 1720832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-09-01 1006264]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-08 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-08 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-08 81920]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"MMTray"="c:\progra~1\MUSICM~1\MUSICM~2\mm_tray.exe" [2005-05-03 135168]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"Easy Dock"="c:\users\qcd\Documents\RCA EasyRip\EZDock.exe" [2008-05-14 536576]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-10 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-22 68856]

c:\users\qcd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CNET TechTracker.lnk - c:\users\qcd\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe [2009-11-5 1108992]
RCA Detective.lnk - c:\users\qcd\Documents\RCA Detective\RCADetective.exe [2008-8-6 1070080]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-6-6 50688]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1000000.07D\SymEFA.sys [1/4/2010 6:55 PM 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1000000.07D\BHDrvx86.sys [1/4/2010 6:55 PM 254512]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1000000.07D\ccHPx86.sys [1/4/2010 6:55 PM 362544]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100106.001\IDSvix86.sys [1/10/2010 6:30 PM 343088]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [1/4/2010 6:55 PM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/4/2010 6:55 PM 99376]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\NIS\1000000.07D\symndisv.sys [1/4/2010 6:55 PM 40496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;cf.netzero.net;qs.netzero.net;*.quicken.com;*.pogo.com;*.mail.yahoo.com;*.aolcdn.com;*.yimg.com;
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Display All Images with Full Quality - c:\program files\NetZero\qsacc\appres.dll/228
IE: Display Image with Full Quality - c:\program files\NetZero\qsacc\appres.dll/227
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: netzero.com
Trusted Zone: netzero.net
FF - ProfilePath - c:\users\qcd\AppData\Roaming\Mozilla\Firefox\Profiles\xjkg16md.default\
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\users\qcd\AppData\Roaming\Mozilla\Firefox\Profiles\xjkg16md.default\extensions\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}\components\FFAlert.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-01-11 22:59
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
Completion time: 2010-01-11 23:03:08
ComboFix-quarantined-files.txt 2010-01-12 04:03
ComboFix2.txt 2010-01-11 16:00

Pre-Run: 161,081,917,440 bytes free
Post-Run: 161,060,884,480 bytes free

- - End Of File - - 95B6EA2BFF0597571ABF443C05CE527F

anatashamy
Novice

Posts: 7
Joined: 2010-01-08
OS: windows vista
Points: 25339
Likes: 0


Re: extra slow pc, duplicating trojan, not sure what else

Post by Belahzur on 12th January 2010, 7:07 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245091
Likes: 1


much better:)

Post by anatashamy on 12th January 2010, 9:06 pm

Thank you very much. It runs much better now:) I can get online without any trouble and pages actually show up all of the time. I can open things on the pc better, and some of the things just stopped working at some point (prob from me trying to fix something) and they are working again. It is faster and just all around much improved.
I still have a lot of things to do with it....little by little I will get it all done. I have joined the academy and hopefully will learn enough in all of the tutorials I'll be reading to help me not mess up the pc:)
I have an external drive that I want to put most everything on to keep the pc more open...but that is just something I do some of here and there....I have a lot of pics on the pc and like to play pc games....I try to remember to install them onto the external drive.
Thank you,
looking forward to learning and helping people:)


Re: extra slow pc, duplicating trojan, not sure what else

Post by Belahzur on 13th January 2010, 12:17 am

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers.

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommend the following add-ons for Firefox; they will help keep you safe from malicious scripts or ActiveX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please consider using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck.



Re: extra slow pc, duplicating trojan, not sure what else

Post by anatashamy on 13th January 2010, 2:10 am

I'm working on a downloading problem right now. Been trying to download the newer versions of firefox, ie8, safari, and/or opera...tried 2 others as well...I haven't been able to get any of them going yet...trying to download them to the external hard drive to see if that will work.
I'll keep working on it until I get it:)
Thank you for all of your help...I do take your advice seriously and will try to get it all done asap
Thank you
xxx
