Jump to content
Sign in to follow this  
ohmygosh18

Hi, I Have An Infected Computer Can You Please Help Me?

Recommended Posts

My uncle complained about his laptop being so slow so I checked it out and wahla, it was very slow.

So I scanned his computer using malewarbytes and they found about 44 infections.

He also has Norton Antivirus installed and that scans his computer periodically.

 

This is the HJT log:

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:30:26 PM, on 8/4/2011

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\GEARSec.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe

C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\program files\real\realplayer\update\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061004

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\IPS\IPSBHO.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll

O2 - BHO: Norton Safe Web Lite BHO - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll

O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (file missing)

O3 - Toolbar: Norton Safe Web Lite - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\coIEPlg.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206735829734

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: bimaculate - {d70e9b0f-aabc-4066-8176-c6de84d92fa1} - (no file)

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: Norton Disk Doctor Service (DiskDoctorService) - Symantec Corporation - C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: Google Desktop Manager 5.5.709.30344 (GoogleDesktopManager-093007-112848) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: Google Update Service (gupdate1ca709da627c5e2) (gupdate1ca709da627c5e2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: Norton Safe Web Lite (NSL) - Symantec Corporation - C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe

O23 - Service: Norton SpeedDisk Service (SpeedDiskService) - Symantec Corporation - C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

 

--

End of file - 11555 bytes

 

 

This is the DDS log:

 

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Muhammad A. Sesay Sr at 22:31:49 on 2011-08-04

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.183 [GMT -4:00]

.

AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\GEARSec.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe

C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe

C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\program files\real\realplayer\update\realsched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Program Files\Mozilla Firefox\firefox.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.6.0.29\ips\IPSBHO.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: Norton Safe Web Lite BHO: {f0da78e9-6b60-42fb-bc26-ef2cfb8c8ff3} - c:\program files\norton safe web lite\engine\1.2.0.6\coIEPlg.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL

TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - c:\program files\norton safe web lite\engine\1.2.0.6\coIEPlg.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

Trusted Zone: intuit.com\ttlc

Trusted Zone: musicmatch.com\online

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206735829734

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1 71.252.0.12

TCP: Interfaces\{DECB4F86-18D1-4923-972C-45F33065EA00} : DhcpNameServer = 192.168.1.1 71.252.0.12

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

Notify: igfxcui - igfxdev.dll

Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

STS: {d70e9b0f-aabc-4066-8176-c6de84d92fa1} - No File

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\muhammad a. sesay sr\application data\mozilla\firefox\profiles\28dxc8sn.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Search

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\ipsffplgn\components\IPSFFPl.dll

FF - component: c:\documents and settings\all users\application data\norton\{92622aad-05e8-4459-b256-765ce1e929fb}\nst_1.2.0.6\coffnst\components\coFFNST.dll

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

FF - component: c:\documents and settings\muhammad a. sesay sr\application data\mozilla\firefox\profiles\28dxc8sn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\documents and settings\muhammad a. sesay sr\application data\mozilla\firefox\profiles\28dxc8sn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPAskSBr.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1206000.01d\symds.sys [2011-5-10 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1206000.01d\symefa.sys [2011-5-10 744568]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\bashdefs\20110723.001\BHDrvx86.sys [2011-7-22 815736]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1206000.01d\ironx86.sys [2011-5-10 136312]

R2 DiskDoctorService;Norton Disk Doctor Service;c:\program files\norton utilities 15\tools\disk doctor\DiskDoctorSrv.exe [2011-2-9 1029480]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-3-23 10384]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.6.0.29\ccsvchst.exe [2011-5-10 130008]

R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\1.2.0.6\ccSvcHst.exe [2011-2-23 130000]

R2 SpeedDiskService;Norton SpeedDisk Service;c:\program files\norton utilities 15\tools\speeddisk\SpeedDiskSrv.exe [2011-2-9 1037672]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-8-3 105592]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\ipsdefs\20110803.030\IDSXpx86.sys [2011-8-3 355256]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\virusdefs\20110804.021\NAVENG.SYS [2011-8-4 86136]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.5.0.125\definitions\virusdefs\20110804.021\NAVEX15.SYS [2011-8-4 1576312]

S2 gupdate1ca709da627c5e2;Google Update Service (gupdate1ca709da627c5e2);c:\program files\google\update\GoogleUpdate.exe [2009-11-28 133104]

S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]

S3 DellBIOS;DellBIOS;c:\windows\DellBIOS.Sys [2008-8-29 5120]

S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;c:\program files\google\google desktop search\GoogleDesktop.exe [2006-10-4 29744]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-28 133104]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-3 41272]

S3 SymDSMon;SymDSMon;c:\windows\system32\drivers\SymDSMon.sys [2011-2-9 128248]

S3 SYMSpeedDisk;SYMSpeedDisk;c:\windows\system32\drivers\SymSpeedDisk.sys [2011-2-9 108800]

.

=============== Created Last 30 ================

.

2011-08-05 02:21:50 -------- d-----w- C:\HJT

2011-08-05 02:20:41 388096 ----a-r- c:\documents and settings\muhammad a. sesay sr\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe

2011-08-03 23:46:56 -------- d-----w- c:\documents and settings\muhammad a. sesay sr\application data\Malwarebytes

2011-08-03 23:44:01 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-03 23:43:51 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-08-03 23:43:29 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-03 23:43:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

==================== Find3M ====================

.

2011-06-05 23:35:19 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-05-11 02:07:08 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL

2011-05-11 02:07:08 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

.

============= FINISH: 22:33:19.95 ===============

 

 

This is the Attach log:

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-06-23.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 10/10/2006 7:36:14 PM

System Uptime: 8/4/2011 10:05:32 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 0KD882

Processor: Genuine Intel® CPU T2250 @ 1.73GHz | Microprocessor | 1728/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 79 GiB total, 52.614 GiB free.

D: is FIXED (NTFS) - 26 GiB total, 26.165 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}

Description: Officejet 4500 G510n-z

Device ID: ROOT\IMAGE\0000

Manufacturer: HP

Name: 4500 G510n-z,192.168.1.12

PNP Device ID: ROOT\IMAGE\0000

Service: StillCam

.

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}

Description: Officejet 4500 G510n-z

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Officejet 4500 G510n-z

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

RP327: 5/8/2011 11:52:16 AM - System Checkpoint

RP328: 5/10/2011 11:20:04 PM - Removed HPSU306Stub

RP329: 5/10/2011 11:50:16 PM - Printer Driver HP Officejet 4500 G510n-z fax Installed

RP330: 5/11/2011 3:00:36 AM - Software Distribution Service 3.0

RP331: 5/15/2011 11:18:37 AM - Software Distribution Service 3.0

RP332: 5/15/2011 9:07:06 PM - Software Distribution Service 3.0

RP333: 5/17/2011 11:01:11 PM - Installed H&R Block Deluxe + Efile + State 2010.

RP334: 5/18/2011 2:23:13 AM - Installed H&R Block Maryland 2010.

RP335: 5/18/2011 3:00:26 AM - Software Distribution Service 3.0

RP336: 5/24/2011 11:44:12 PM - Printer Driver HP Officejet 4500 G510n-z fax Installed

RP337: 5/26/2011 8:03:20 PM - System Checkpoint

RP338: 6/5/2011 6:38:53 PM - System Checkpoint

RP339: 6/13/2011 9:28:00 PM - System Checkpoint

RP340: 6/20/2011 1:59:14 PM - Software Distribution Service 3.0

RP341: 6/23/2011 11:17:56 PM - System Checkpoint

RP342: 6/25/2011 12:16:25 AM - System Checkpoint

RP343: 6/30/2011 12:10:51 AM - Software Distribution Service 3.0

RP344: 7/10/2011 5:14:39 PM - Software Distribution Service 3.0

RP345: 8/2/2011 11:12:46 PM - System Checkpoint

RP346: 8/3/2011 7:30:59 PM - Software Distribution Service 3.0

RP347: 8/4/2011 10:14:56 PM - Software Distribution Service 3.0

RP348: 8/4/2011 10:20:39 PM - Installed HiJackThis

.

==== Installed Programs ======================

.

.

32 Bit HP CIO Components Installer

4500_G510nz_Help

4500G510nz

4500G510nz_Software_Min

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Media Player

Adobe Reader 9.1

America Online (Choose which version to remove)

AOL Coach Version 1.0(Build:20040229.1 en)

AOL Connectivity Services

AOLIcon

Banctec Service Agreement

Bisk CPA Review Software 12.03

BufferChm

CDDRV_Installer

Compatibility Pack for the 2007 Office system

Conexant HDA D110 MDC V.92 Modem

CustomerResearchQFolder

Dell Digital Jukebox Driver

Dell Game Console

Dell Support 3.2

Dell System Restore

Dell Wireless WLAN Card

DellConnect

Destinations

DeviceDiscovery

DeviceFunctionQFolder

DeviceManagementQFolder

Digital Content Portal

Digital Line Detect

DocMgr

DocProc

Documentation & Support Launcher

DocumentViewerQFolder

EarthLink setup files

ELIcon

Fax

FinCoach 2.0

FullDPAppQFolder

Games, Music, & Photos Launcher

Google Chrome

Google Desktop

Google Earth

Google Pack Screensaver

Google Toolbar for Internet Explorer

Google Update Helper

Google Updater

GoToAssist 8.0.0.514

GPBaseService2

H&R Block Deluxe + Efile + State 2009

H&R Block Deluxe + Efile + State 2010

H&R Block Maryland 2009

H&R Block Maryland 2010

High Definition Audio Driver Package - KB835221

HiJackThis

Hotfix 2050 for SQL Server 2000 ENU (KB948110)

Hotfix 2055 for SQL Server 2000 ENU (KB960082)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Customer Participation Program 13.0

HP Document Manager 2.0

HP Imaging Device Functions 13.0

HP Officejet 4500 G510n-z

HP Smart Web Printing 4.5

HP Solution Center 13.0

HP Update

HPProductAssistant

HPSSupply

HPSystemDiagnostics

Intel® Graphics Media Accelerator Driver

J2SE Runtime Environment 5.0 Update 6

KhalInstallWrapper

Logitech SetPoint

LP_Flash

Malwarebytes' Anti-Malware version 1.51.1.1800

MarketResearch

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office File Validation Add-In

Microsoft Office Outlook 2003 with Business Contact Manager Update

Microsoft Office Professional Edition 2003

Microsoft Office Word Viewer 2003

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

Modem Helper

Mozilla Firefox 4.0.1 (x86 en-US)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

Musicmatch® Jukebox

NetWaiting

Network

Norton AntiVirus

Norton Safe Web Lite

Norton Utilities 15

OCR Software by I.R.I.S. 13.0

PC Tutor Learn Office Windows & More Deluxe

Pdf995

PdfEdit995

PowerDVD 5.7

QFolder

QuickSet

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

RitzPix E-Z Print & Share

Scan

SearchAssist

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB974455)

Security Update for Windows Internet Explorer 8 (KB976325)

Security Update for Windows Internet Explorer 8 (KB978207)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982665)

Shockwave

Shop for HP Supplies

Skype web features

Skype™ 4.1

SmartWebPrinting

SolutionCenter

Sonic DLA

Sonic Encoders

Sonic MyDVD LE

Sonic RecordNow Audio

Sonic RecordNow Copy

Sonic RecordNow Data

Sony Picture Utility

Sony USB Driver

Status

TaxCut Maryland 2007

TaxCut Maryland 2008

TaxCut Premium + State + Efile 2008

TaxCut Premium + State 2007

TaxCut Premium 2006

Toolbox

TrayApp

TurboTax 2010

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wmdiper

TurboTax 2010 wrapper

Unload

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 8 (KB975364)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB976749)

Update for Windows Internet Explorer 8 (KB980182)

Update for Windows Media Player 10 (KB910393)

Update for Windows Media Player 10 (KB913800)

Update for Windows Media Player 10 (KB926251)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2541763)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update Rollup 2 for Windows XP Media Center Edition 2005

URL Assistant

Viewpoint Media Player

WebFldrs XP

WebReg

WildTangent Web Driver

Windows Genuine Advantage Notifications (KB905474)

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live OneCare safety scanner

Windows Media Format Runtime

Windows Media Player 10

Windows Media Player 10 Hotfix [see EmeraldQFE2 for more information]

Windows Rights Management Client Backwards Compatibility SP2

Windows Rights Management Client with Service Pack 2

Windows XP Media Center Edition 2005 KB2502898

Windows XP Media Center Edition 2005 KB908246

Windows XP Media Center Edition 2005 KB908250

Windows XP Media Center Edition 2005 KB912067

Windows XP Media Center Edition 2005 KB973768

Windows XP Service Pack 3

WinWay Resume Deluxe

.

==== Event Viewer Messages From Past Week ========

.

8/3/2011 9:29:44 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.

8/2/2011 8:50:37 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: szkg

.

==== End Of File ===========================

 

 

This is the malewarbytes log:

 

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

 

Database version: 7367

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

8/3/2011 9:27:19 PM

mbam-log-2011-08-03 (21-27-19).txt

 

Scan type: Full scan (C:\|D:\|)

Objects scanned: 289513

Time elapsed: 1 hour(s), 24 minute(s), 0 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 33

Registry Values Infected: 7

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 3

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{B15FD82E-85BC-430d-90CB-65DB1B030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\TypeLib\{F0D4B230-DA4B-4daf-81E4-DFEE4931A4AA} (Adware.AskSBAR) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{F0D4B23A-DA4B-4DAF-81E4-DFEE4931A4AA} (Adware.AskSBAR) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AskSBar.ToolbarPlugin.1 (Adware.AskSBAR) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\AskSBar.ToolbarPlugin (Adware.AskSBAR) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AskSBar Uninstall (Adware.AskSBAR) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} (Adware.AskSBAR) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4DAF-81E4-DFEE4931A4AA} (Adware.AskSBAR) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0D4B231-DA4B-4DAF-81E4-DFEE4931A4AA} (Adware.AskSBAR) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B231-DA4B-4DAF-81E4-DFEE4931A4AA} (Adware.AskSBAR) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302} (Search.Hijacker) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988} (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{343CE214-9998-4B21-A151-FFE970167297} (Rogue.Installer) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{53E0B6E8-A51D-448B-B692-40B67B285543} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034A523-D068-4BE8-A284-9DF278BE776E} (Trojan.Zlob) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFC08CFF-C737-4433-BD5A-0EE7EFCFEE54} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F10587E9-0E47-4CBE-ABCD-7DD20B862223} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F31A5D11-BF0B-4A4E-90AF-274F2090AAA6} (Adware.180Solutions) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EDDBB5EE-BB64-4bfc-9DBE-E7C85941335B} (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\HostOL.MailAnim (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\HostOL.MailAnim.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\HostOL.WebmailSend (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\HostOL.WebmailSend.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\InstIE.HbInstObj (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\InstIE.HbInstObj.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Srv.CoreServices (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Srv.CoreServices.1 (Adware.Zango) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\sbtv (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\SBTV (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.

 

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034A523-D068-4BE8-A284-9DF278BE776E} (Trojan.Zlob) -> Value: {9034A523-D068-4BE8-A284-9DF278BE776E} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034A523-D068-4BE8-A284-9DF278BE776E} (Trojan.Zlob) -> Value: {9034A523-D068-4BE8-A284-9DF278BE776E} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07AA283A-43D7-4CBE-A064-32A21112D94D} (Adware.Zango) -> Value: {07AA283A-43D7-4CBE-A064-32A21112D94D} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07AA283A-43D7-4CBE-A064-32A21112D94D} (Adware.Zango) -> Value: {07AA283A-43D7-4CBE-A064-32A21112D94D} -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\id (Malware.Trace) -> Value: id -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\host (Malware.Trace) -> Value: host -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Services\del (Malware.Trace) -> Value: del -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

c:\program files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.

c:\documents and settings\muhammad a. sesay sr\application data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\clicktofindandfixerrors_us.ico (Malware.Trace) -> Quarantined and deleted successfully.

Share this post


Link to post
Share on other sites

ohmygosh18,

 

Norton has a tendency to slow things down, particularly if there is malware in the system.

 

Let's do the following:

 

 

Please download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

Save ComboFix.exe to your Desktop!!

 

 

Make sure you disable your Norton AntiVirus and any other AntiSpyware applications, usually via a right clicking on the System Tray icon. They may otherwise interfere with the running of CF.

 

Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: http://www.bleepingcomputer.com/forums/topic114351.html

 

 

Double-click on ComboFix.exe to run the program.

 

XP users (only) - install the Recovery Console when presented with the option

 

Click on Yes, to continue scanning for malware.

 

When finished, CF produces a report.

 

Please provide a copy of the C:\ComboFix.txt in your reply.

 

 

 

Notes:

 

1.Do not mouse-click the ComboFix window while it is running.

This action may cause it to stall.

 

2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.

 

3. CF disconnects your machine from the internet. However, the connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Share this post


Link to post
Share on other sites

Combo fix log:

 

 

ComboFix 11-08-07.03 - Muhammad A. Sesay Sr 08/08/2011 11:52:26.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.327 [GMT -4:00]

Running from: c:\documents and settings\Muhammad A. Sesay Sr\My Documents\Downloads\ComboFix.exe

AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Muhammad A. Sesay Sr\GoToAssistDownloadHelper.exe

c:\program files\Common Files\asks~1

c:\program files\Common Files\crosof~1.net

c:\program files\Common Files\mantec~1

c:\program files\Common Files\mcroso~1

c:\program files\Common Files\ssembl~1

c:\program files\Common Files\sstem3~1

c:\program files\Common Files\wnsxs~1

c:\program files\fnts~1

c:\program files\mcroso~1

c:\program files\ppatch~1

c:\program files\pppatc~1

c:\program files\Registry Defender

c:\program files\Registry Defender\backup\11_3_2006.reg

c:\program files\Registry Defender\report.csv

c:\program files\sembly~1

c:\program files\sks~1

c:\program files\smante~1

c:\program files\wnsxs~1

c:\windows\crosof~1

c:\windows\Google Pack Screensaver Uninstaller.exe

c:\windows\system32\drivers\1028_DELL_XPS_MM061 .MRK

c:\windows\system32\drivers\DELL_XPS_MM061 .MRK

c:\windows\system32\oem33.inf

c:\windows\system32\pppatc~1

c:\windows\system32\racle~1

c:\windows\system32\smante~1

c:\windows\system32\sstem~1

c:\windows\system32\sstem3~1

c:\windows\system32\tmp.reg

c:\windows\system32\wintsvsu.exe

c:\windows\wnsxs~1

c:\windows\ystem3~1

D:\AUTORUN.INF

.

.

((((((((((((((((((((((((( Files Created from 2011-07-08 to 2011-08-08 )))))))))))))))))))))))))))))))

.

.

2011-08-06 18:08 . 2006-03-24 21:30 282624 ----a-w- c:\windows\stsystra.exe

2011-08-06 18:08 . 2006-03-22 21:52 1052672 ----a-w- c:\windows\system32\stlang.dll

2011-08-06 18:08 . 2006-03-24 21:32 4882432 ----a-w- c:\windows\system32\stacgui.cpl

2011-08-06 17:57 . 2011-08-06 17:50 457 ----a-w- c:\windows\system32\vcredist_x86.bat

2011-08-06 17:57 . 2011-08-06 17:50 2682880 ----a-w- c:\windows\system32\vcredist_x86.exe

2011-08-06 17:57 . 2011-08-06 17:50 159744 ----a-w- c:\windows\system32\bcmwlapi.dll

2011-08-06 17:57 . 2011-08-06 17:50 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll

2011-08-06 17:45 . 2011-08-06 17:45 -------- d-----w- c:\program files\Broadcom

2011-08-06 17:21 . 2000-01-01 00:00 172032 ----a-w- c:\windows\system32\igfxres.dll

2011-08-06 17:14 . 2000-01-01 00:00 57344 ----a-w- c:\windows\system32\igxprd32.dll

2011-08-06 17:14 . 2000-01-01 00:00 5704672 ----a-w- c:\windows\system32\drivers\igxpmp32.sys

2011-08-06 17:14 . 2000-01-01 00:00 2556928 ----a-w- c:\windows\system32\igxpdx32.dll

2011-08-06 17:14 . 2000-01-01 00:00 204800 ----a-w- c:\windows\system32\igfxCoIn_v4814.dll

2011-08-06 17:14 . 2000-01-01 00:00 1612992 ----a-w- c:\windows\system32\igxpdv32.dll

2011-08-06 17:14 . 2000-01-01 00:00 149504 ----a-w- c:\windows\system32\igxpgd32.dll

2011-08-06 17:14 . 2011-08-06 17:14 -------- d-----w- c:\windows\system32\Lang

2011-08-06 17:14 . 2000-01-01 00:00 400152 ----a-w- c:\windows\system32\igxpun.exe

2011-08-06 17:13 . 2011-08-06 17:13 -------- d-----w- C:\Intel

2011-08-06 17:04 . 2011-08-08 16:26 12984 ----a-w- c:\windows\system32\drivers\SETE.tmp

2011-08-06 17:04 . 2011-08-08 15:37 12984 ----a-w- c:\windows\system32\drivers\SWDUMon.sys

2011-08-06 17:04 . 2011-08-06 17:04 -------- d-----w- c:\program files\SlimDrivers

2011-08-06 17:02 . 2011-08-06 17:04 -------- d-----w- c:\documents and settings\Muhammad A. Sesay Sr\Local Settings\Application Data\SlimWare Utilities Inc

2011-08-06 17:01 . 2011-08-06 17:03 -------- d-----w- c:\program files\SlimCleaner

2011-08-06 17:00 . 2011-08-06 17:03 -------- d-----w- c:\program files\Downloaded Installers

2011-08-05 02:38 . 2011-08-05 02:38 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-08-05 02:38 . 2011-08-05 02:38 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-08-05 02:21 . 2011-08-05 02:23 -------- d-----w- C:\HJT

2011-08-05 02:20 . 2011-08-05 02:20 388096 ----a-r- c:\documents and settings\Muhammad A. Sesay Sr\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-08-03 23:46 . 2011-08-03 23:46 -------- d-----w- c:\documents and settings\Muhammad A. Sesay Sr\Application Data\Malwarebytes

2011-08-03 23:44 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-03 23:43 . 2011-08-03 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-08-03 23:43 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-03 23:43 . 2011-08-03 23:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-06 17:50 . 2006-10-04 06:03 65536 ----a-w- c:\windows\system32\wltrynt.dll

2011-08-06 17:50 . 2006-10-04 06:03 2801664 ----a-w- c:\windows\system32\WLTRAY.EXE

2011-08-06 17:50 . 2006-10-04 06:03 25088 ----a-w- c:\windows\system32\WLTRYSVC.EXE

2011-08-06 17:50 . 2006-10-04 06:03 2670592 ----a-w- c:\windows\system32\WLBCGCBPRO731.DLL

2011-08-06 17:50 . 2006-10-04 06:03 143360 ----a-w- c:\windows\system32\preflib.dll

2011-08-06 17:50 . 2006-10-04 06:03 69632 ----a-w- c:\windows\system32\bcmwlpkt.dll

2011-08-06 17:50 . 2006-10-04 06:03 33664 ----a-w- c:\windows\system32\drivers\BCMWLNPF.SYS

2011-08-06 17:50 . 2006-10-04 06:03 319488 ----a-w- c:\windows\system32\bcmwlu00.exe

2011-08-06 17:50 . 2006-10-04 06:03 2535424 ----a-w- c:\windows\system32\BCMWLTRY.EXE

2011-08-06 17:50 . 2006-10-04 06:03 5464064 ----a-w- c:\windows\system32\BCMWLCPL.CPL

2011-08-06 17:50 . 2006-10-04 06:28 843776 ----a-w- c:\windows\system32\BCMLogon.dll

2011-08-06 17:50 . 2006-10-04 06:03 3357952 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS

2011-08-06 17:50 . 2006-10-04 06:03 761856 ----a-w- c:\windows\system32\bcm1xsup.dll

2011-06-05 23:35 . 2011-06-05 23:35 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-02 14:02 . 2005-08-16 09:18 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-05-11 02:07 . 2011-02-10 02:51 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL

2011-05-11 02:07 . 2011-02-10 02:51 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2011-08-05 02:38 . 2011-06-06 01:59 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2008-02-10 14:44 . 2006-10-21 03:18 131584 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-03-20 66912]

.

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

2008-03-20 02:56 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-11 68856]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

"SlimDrivers"="c:\program files\SlimDrivers\SlimDrivers.exe" [2011-08-01 26441568]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-04 98304]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2011-08-06 2801664]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-19 76304]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-03 273544]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2000-01-01 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2000-01-01 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2000-01-01 138008]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-12-15 73728]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-3-23 809488]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2008-08-29 20:41 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2009-02-19 04:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]

backup=c:\windows\pss\Google Updater.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]

backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]

backup=c:\windows\pss\Service Manager.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Muhammad A. Sesay Sr^Start Menu^Programs^Startup^Cyber-shot Viewer Media Check Tool.lnk]

backup=c:\windows\pss\Cyber-shot Viewer Media Check Tool.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kutaf

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pas_check

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USDR6cw

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]

2011-08-06 17:50 2801664 ----a-w- c:\windows\system32\WLTRAY.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]

2006-06-29 17:13 1032192 -c--a-w- c:\program files\Dell\QuickSet\quickset.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2006-07-17 02:29 389120 -c--a-w- c:\program files\Dell Support\DSAgnt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

2004-12-06 06:05 127035 -c--a-w- c:\windows\system32\dla\tfswctrl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]

2005-12-10 01:29 49152 -c--a-w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

2005-09-29 19:01 67584 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2008-02-10 14:44 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2000-01-01 00:00 162584 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2000-01-01 00:00 138008 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2000-01-01 00:00 138008 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-06-10 15:44 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]

2003-09-10 07:24 20480 -c--a-w- c:\program files\NetWaiting\netwaiting.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OurPictures]

2006-06-19 22:30 4796416 -c--a-w- c:\program files\RitzPix E-Z Print & Share\OurPictures.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2006-10-04 06:36 98304 ----a-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-05-11 14:01 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1206000.01D\symds.sys [5/10/2011 10:07 PM 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1206000.01D\symefa.sys [5/10/2011 10:07 PM 744568]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20110723.001\BHDrvx86.sys [7/22/2011 8:27 PM 815736]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1206000.01D\ironx86.sys [5/10/2011 10:07 PM 136312]

R2 DiskDoctorService;Norton Disk Doctor Service;c:\program files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [2/9/2011 8:31 PM 1029480]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [3/23/2009 8:02 PM 10384]

R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe [5/10/2011 10:06 PM 130008]

R2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [2/23/2011 2:15 AM 130000]

R2 SpeedDiskService;Norton SpeedDisk Service;c:\program files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [2/9/2011 8:31 PM 1037672]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/3/2011 7:42 PM 105592]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20110805.030\IDSXpx86.sys [8/6/2011 1:08 PM 355256]

S2 gupdate1ca709da627c5e2;Google Update Service (gupdate1ca709da627c5e2);c:\program files\Google\Update\GoogleUpdate.exe [11/28/2009 10:42 PM 133104]

S3 DellBIOS;DellBIOS;c:\windows\DellBIOS.Sys [8/29/2008 4:58 PM 5120]

S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/4/2006 2:44 AM 29744]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/28/2009 10:42 PM 133104]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/3/2011 7:44 PM 41272]

S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [8/6/2011 1:04 PM 12984]

S3 SymDSMon;SymDSMon;c:\windows\system32\drivers\SymDSMon.sys [2/9/2011 8:31 PM 128248]

S3 SYMSpeedDisk;SYMSpeedDisk;c:\windows\system32\drivers\SymSpeedDisk.sys [2/9/2011 8:31 PM 108800]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HPService REG_MULTI_SZ HPSLPSVC

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-08 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-24 02:10]

.

2011-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-29 02:42]

.

2011-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-29 02:42]

.

2011-06-05 c:\windows\Tasks\NUSchedule.job

- c:\program files\Norton Utilities 15\nu.exe [2011-02-10 07:23]

.

2011-08-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-635465142-2021310143-3459090557-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2011-08-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-635465142-2021310143-3459090557-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

Trusted Zone: intuit.com\ttlc

Trusted Zone: musicmatch.com\online

TCP: DhcpNameServer = 192.168.1.1 71.252.0.12

FF - ProfilePath - c:\documents and settings\Muhammad A. Sesay Sr\Application Data\Mozilla\Firefox\Profiles\28dxc8sn.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe

MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe

MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe

AddRemove-Broadcom 802.11b Network Adapter - c:\program files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe

AddRemove-Google Pack Screensaver - c:\windows\Google Pack Screensaver Uninstaller.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-08-08 12:25

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NSL]

"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(924)

c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

c:\windows\System32\BCMLogon.dll

.

- - - - - - - > 'explorer.exe'(5488)

c:\windows\system32\WININET.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\bcmwltry.exe

c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\windows\System32\GEARSec.exe

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe

c:\program files\Dell\QuickSet\NICCONFIGSVC.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\dllhost.exe

c:\program files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe

c:\program files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\stsystra.exe

c:\program files\HP\Digital Imaging\bin\hpqimzone.exe

c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Completion time: 2011-08-08 12:34:58 - machine was rebooted

ComboFix-quarantined-files.txt 2011-08-08 16:34

.

Pre-Run: 55,392,444,416 bytes free

Post-Run: 55,603,679,232 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - EA2F61ADEE18E520352CC0B6DEB95C3B

Share this post


Link to post
Share on other sites

ohmygosh18,

 

Thank you for posting the report.

 

Please do the following:

 

Open Notepad and copy/paste the text in the codebox below into it:

 

Registry::
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"=-
[-HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

Folder::
c:\program files\AskSBar

Save as CFScript.txt

 

 

Posted Image

 

Referring to the picture above, drag CFScript.txt into ComboFix.exe

 

When finished, it produces a log.

 

Please post the log in your reply.

 

~~~~

Next, please download TFC to your Desktop.

  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note:

-Save your work, TFC automatically closes any open programs.

 

~~~~

Last, download Security Check

 

Save it to the Desktop.

Double click SecurityCheck.exe and follow the onscreen instructions (in the black box.)

When done, a Notepad document opens automatically: checkup.txt

 

Please post the contents of checkup.txt in your reply.

 

Also, notice any improvement?

Edited by Aaflac

Share this post


Link to post
Share on other sites

Yes the computer is performing way better than before.

 

check up log:

 

Results of screen317's Security Check version 0.99.7

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

Norton AntiVirus

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

SlimCleaner

Adobe Flash Player 10.3.181.14

Adobe Reader 9.1

Out of date Adobe Reader installed!

Mozilla Firefox (x86 en-US..) Firefox Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

``````````End of Log````````````

 

 

 

combo fix:

 

ComboFix 11-08-08.03 - Muhammad A. Sesay Sr 08/09/2011 0:19.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.301 [GMT -4:00]

Running from: c:\documents and settings\Muhammad A. Sesay Sr\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Muhammad A. Sesay Sr\Desktop\CFScript.txt

AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\AskSBar

c:\program files\AskSBar\bar\1.bin\A2FFXTBR.JAR

c:\program files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST

c:\program files\AskSBar\bar\1.bin\A2HIGHIN.EXE

c:\program files\AskSBar\bar\1.bin\A2NTSTBR.JAR

c:\program files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST

c:\program files\AskSBar\bar\1.bin\A2PLUGIN.DLL

c:\program files\AskSBar\bar\1.bin\NPASKSBR.DLL

c:\program files\AskSBar\bar\Cache\000301B6.bin

c:\program files\AskSBar\bar\Cache\0003033D.bin

c:\program files\AskSBar\bar\Cache\00030418.bin

c:\program files\AskSBar\bar\Cache\000304C4.bin

c:\program files\AskSBar\bar\Cache\000305DD.bin

c:\program files\AskSBar\bar\Cache\00030764.bin

c:\program files\AskSBar\bar\Cache\00030A52.bin

c:\program files\AskSBar\bar\Cache\00030BE8.bin

c:\program files\AskSBar\bar\Cache\00030DDC.bin

c:\program files\AskSBar\bar\Cache\000310E9.bin

c:\program files\AskSBar\bar\Cache\00031260.bin

c:\program files\AskSBar\bar\Cache\000313E7.bin

c:\program files\AskSBar\bar\Cache\00031658.bin

c:\program files\AskSBar\bar\Cache\000318E8.bin

c:\program files\AskSBar\bar\Cache\00031B3A.bin

c:\program files\AskSBar\bar\Cache\003913A2

c:\program files\AskSBar\bar\Cache\files.ini

c:\program files\AskSBar\bar\History\search2

c:\program files\AskSBar\bar\Settings\prevcfg2.htm

c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

.

.

((((((((((((((((((((((((( Files Created from 2011-07-09 to 2011-08-09 )))))))))))))))))))))))))))))))

.

.

2011-08-09 04:08 . 2011-08-09 04:08 -------- d-----w- c:\windows\LastGood

2011-08-06 18:08 . 2006-03-24 21:30 282624 ----a-w- c:\windows\stsystra.exe

2011-08-06 18:08 . 2006-03-22 21:52 1052672 ----a-w- c:\windows\system32\stlang.dll

2011-08-06 18:08 . 2006-03-24 21:32 4882432 ----a-w- c:\windows\system32\stacgui.cpl

2011-08-06 17:57 . 2011-08-06 17:50 457 ----a-w- c:\windows\system32\vcredist_x86.bat

2011-08-06 17:57 . 2011-08-06 17:50 2682880 ----a-w- c:\windows\system32\vcredist_x86.exe

2011-08-06 17:57 . 2011-08-06 17:50 159744 ----a-w- c:\windows\system32\bcmwlapi.dll

2011-08-06 17:57 . 2011-08-06 17:50 91448 ----a-w- c:\windows\system32\bcmwlcoi.dll

2011-08-06 17:45 . 2011-08-06 17:45 -------- d-----w- c:\program files\Broadcom

2011-08-06 17:21 . 2000-01-01 00:00 172032 ----a-w- c:\windows\system32\igfxres.dll

2011-08-06 17:14 . 2000-01-01 00:00 57344 ----a-w- c:\windows\system32\igxprd32.dll

2011-08-06 17:14 . 2000-01-01 00:00 5704672 ----a-w- c:\windows\system32\drivers\igxpmp32.sys

2011-08-06 17:14 . 2000-01-01 00:00 2556928 ----a-w- c:\windows\system32\igxpdx32.dll

2011-08-06 17:14 . 2000-01-01 00:00 204800 ----a-w- c:\windows\system32\igfxCoIn_v4814.dll

2011-08-06 17:14 . 2000-01-01 00:00 1612992 ----a-w- c:\windows\system32\igxpdv32.dll

2011-08-06 17:14 . 2000-01-01 00:00 149504 ----a-w- c:\windows\system32\igxpgd32.dll

2011-08-06 17:14 . 2011-08-06 17:14 -------- d-----w- c:\windows\system32\Lang

2011-08-06 17:14 . 2000-01-01 00:00 400152 ----a-w- c:\windows\system32\igxpun.exe

2011-08-06 17:13 . 2011-08-06 17:13 -------- d-----w- C:\Intel

2011-08-06 17:04 . 2011-08-09 04:08 12984 ----a-w- c:\windows\system32\drivers\SWDUMon.sys

2011-08-06 17:04 . 2011-08-06 17:04 -------- d-----w- c:\program files\SlimDrivers

2011-08-06 17:02 . 2011-08-06 17:04 -------- d-----w- c:\documents and settings\Muhammad A. Sesay Sr\Local Settings\Application Data\SlimWare Utilities Inc

2011-08-06 17:01 . 2011-08-06 17:03 -------- d-----w- c:\program files\SlimCleaner

2011-08-06 17:00 . 2011-08-06 17:03 -------- d-----w- c:\program files\Downloaded Installers

2011-08-05 02:38 . 2011-08-05 02:38 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-08-05 02:38 . 2011-08-05 02:38 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-08-05 02:21 . 2011-08-05 02:23 -------- d-----w- C:\HJT

2011-08-05 02:20 . 2011-08-05 02:20 388096 ----a-r- c:\documents and settings\Muhammad A. Sesay Sr\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-08-03 23:46 . 2011-08-03 23:46 -------- d-----w- c:\documents and settings\Muhammad A. Sesay Sr\Application Data\Malwarebytes

2011-08-03 23:44 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-03 23:43 . 2011-08-03 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-08-03 23:43 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-03 23:43 . 2011-08-03 23:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-06 17:50 . 2006-10-04 06:03 65536 ----a-w- c:\windows\system32\wltrynt.dll

2011-08-06 17:50 . 2006-10-04 06:03 2801664 ----a-w- c:\windows\system32\WLTRAY.EXE

2011-08-06 17:50 . 2006-10-04 06:03 25088 ----a-w- c:\windows\system32\WLTRYSVC.EXE

2011-08-06 17:50 . 2006-10-04 06:03 2670592 ----a-w- c:\windows\system32\WLBCGCBPRO731.DLL

2011-08-06 17:50 . 2006-10-04 06:03 143360 ----a-w- c:\windows\system32\preflib.dll

2011-08-06 17:50 . 2006-10-04 06:03 69632 ----a-w- c:\windows\system32\bcmwlpkt.dll

2011-08-06 17:50 . 2006-10-04 06:03 33664 ----a-w- c:\windows\system32\drivers\BCMWLNPF.SYS

2011-08-06 17:50 . 2006-10-04 06:03 319488 ----a-w- c:\windows\system32\bcmwlu00.exe

2011-08-06 17:50 . 2006-10-04 06:03 2535424 ----a-w- c:\windows\system32\BCMWLTRY.EXE

2011-08-06 17:50 . 2006-10-04 06:03 5464064 ----a-w- c:\windows\system32\BCMWLCPL.CPL

2011-08-06 17:50 . 2006-10-04 06:28 843776 ----a-w- c:\windows\system32\BCMLogon.dll

2011-08-06 17:50 . 2006-10-04 06:03 3357952 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS

2011-08-06 17:50 . 2006-10-04 06:03 761856 ----a-w- c:\windows\system32\bcm1xsup.dll

2011-06-05 23:35 . 2011-06-05 23:35 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-02 14:02 . 2005-08-16 09:18 1858944 ----a-w- c:\windows\system32\win32k.sys

2011-08-05 02:38 . 2011-06-06 01:59 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2008-02-10 14:44 . 2006-10-21 03:18 131584 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-08-08_16.25.10 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-08-09 04:27 . 2011-08-09 04:27 16384 c:\windows\Temp\Perflib_Perfdata_890.dat

+ 2011-08-09 04:08 . 2011-08-09 04:08 16384 c:\windows\Temp\Perflib_Perfdata_5d8.dat

+ 2011-08-09 04:07 . 2011-08-09 04:07 16384 c:\windows\Temp\Perflib_Perfdata_5ac.dat

+ 2011-08-09 04:08 . 2011-08-08 16:26 12984 c:\windows\LastGood\system32\DRIVERS\SWDUMon.sys

+ 2011-08-09 04:17 . 2011-08-09 04:17 22016 c:\windows\Installer\a40f5.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-11 68856]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

"SlimDrivers"="c:\program files\SlimDrivers\SlimDrivers.exe" [2011-08-01 26441568]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-04 98304]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2011-08-06 2801664]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-19 76304]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-06-10 249856]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-03 273544]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2000-01-01 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2000-01-01 162584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2000-01-01 138008]

"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-12-15 73728]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-3-23 809488]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]

2008-08-29 20:41 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

2009-02-19 04:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]

backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]

backup=c:\windows\pss\Google Updater.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]

backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]

backup=c:\windows\pss\Service Manager.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Muhammad A. Sesay Sr^Start Menu^Programs^Startup^Cyber-shot Viewer Media Check Tool.lnk]

backup=c:\windows\pss\Cyber-shot Viewer Media Check Tool.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]

2011-08-06 17:50 2801664 ----a-w- c:\windows\system32\WLTRAY.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]

2006-06-29 17:13 1032192 -c--a-w- c:\program files\Dell\QuickSet\quickset.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2006-07-17 02:29 389120 -c--a-w- c:\program files\Dell Support\DSAgnt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]

2004-12-06 06:05 127035 -c--a-w- c:\windows\system32\dla\tfswctrl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]

2005-12-10 01:29 49152 -c--a-w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

2005-09-29 19:01 67584 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

2008-02-10 14:44 29744 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]

2000-01-01 00:00 162584 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]

2000-01-01 00:00 138008 ----a-w- c:\windows\system32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]

2000-01-01 00:00 138008 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2005-06-10 15:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2005-06-10 15:44 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]

2003-09-10 07:24 20480 -c--a-w- c:\program files\NetWaiting\netwaiting.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OurPictures]

2006-06-19 22:30 4796416 -c--a-w- c:\program files\RitzPix E-Z Print & Share\OurPictures.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2006-10-04 06:36 98304 ----a-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2007-05-11 14:01 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1206000.01D\symds.sys [5/10/2011 10:07 PM 340088]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1206000.01D\symefa.sys [5/10/2011 10:07 PM 744568]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20110723.001\BHDrvx86.sys [7/22/2011 8:27 PM 815736]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1206000.01D\ironx86.sys [5/10/2011 10:07 PM 136312]

R2 DiskDoctorService;Norton Disk Doctor Service;c:\program files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [2/9/2011 8:31 PM 1029480]

R2 gupdate1ca709da627c5e2;Google Update Service (gupdate1ca709da627c5e2);c:\program files\Google\Update\GoogleUpdate.exe [11/28/2009 10:42 PM 133104]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [3/23/2009 8:02 PM 10384]

R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccsvchst.exe [5/10/2011 10:06 PM 130008]

R2 NSL;Norton Safe Web Lite;c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe [2/23/2011 2:15 AM 130000]

R2 SpeedDiskService;Norton SpeedDisk Service;c:\program files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [2/9/2011 8:31 PM 1037672]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/3/2011 7:42 PM 105592]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20110805.030\IDSXpx86.sys [8/6/2011 1:08 PM 355256]

S3 DellBIOS;DellBIOS;c:\windows\DellBIOS.Sys [8/29/2008 4:58 PM 5120]

S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/4/2006 2:44 AM 29744]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/28/2009 10:42 PM 133104]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/3/2011 7:44 PM 41272]

S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [8/6/2011 1:04 PM 12984]

S3 SymDSMon;SymDSMon;c:\windows\system32\drivers\SymDSMon.sys [2/9/2011 8:31 PM 128248]

S3 SYMSpeedDisk;SYMSpeedDisk;c:\windows\system32\drivers\SymSpeedDisk.sys [2/9/2011 8:31 PM 108800]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HPService REG_MULTI_SZ HPSLPSVC

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-09 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-24 02:10]

.

2011-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-29 02:42]

.

2011-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-29 02:42]

.

2011-06-05 c:\windows\Tasks\NUSchedule.job

- c:\program files\Norton Utilities 15\nu.exe [2011-02-10 07:23]

.

2011-08-09 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-635465142-2021310143-3459090557-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

2011-08-09 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-635465142-2021310143-3459090557-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html

Trusted Zone: intuit.com\ttlc

Trusted Zone: musicmatch.com\online

TCP: DhcpNameServer = 192.168.1.1 71.252.0.12

FF - ProfilePath - c:\documents and settings\Muhammad A. Sesay Sr\Application Data\Mozilla\Firefox\Profiles\28dxc8sn.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-08-09 00:35

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NSL]

"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files\Norton Safe Web Lite\Engine\1.2.0.6\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(920)

c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll

c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

c:\program files\common files\logishrd\bluetooth\LBTServ.dll

c:\windows\System32\BCMLogon.dll

.

Completion time: 2011-08-09 00:45:10

ComboFix-quarantined-files.txt 2011-08-09 04:45

ComboFix2.txt 2011-08-08 16:35

.

Pre-Run: 55,592,300,544 bytes free

Post-Run: 55,465,058,304 bytes free

.

- - End Of File - - 74BED879D8E4672EEC5F2C4C6832472A

Share this post


Link to post
Share on other sites

If your computer is operating correctly, please uninstall ComboFix as follows:

 

Go to Start > Run, and in the 'Open' field type (or copy/paste):

combofix /uninstall

 

(Note there is a space between combofix and /uninstall)

Click: OK

 

ComboFix will uninstall itself from your computer and remove any backups and quarantined files. When it has finished you will be greeted by a dialog box stating that ComboFix has been uninstalled.

 

You can now delete the ComboFix program icon from your Desktop, if still there.

 

 

~~~~

Please verify the version of Java you have installed.

http://www.java.com/en/download/installed.jsp

 

If your version of Java is outdated, it needs to be updated to eliminate security vulnerabilities.

 

When done, uninstall older versions:

http://www.java.com/en/download/uninstall.jsp

 

Also update the following:

>>Adobe Reader 9.1

Out of date Adobe Reader installed!

 

>>Mozilla Firefox (x86 en-US..) Firefox Out of Date!

 

~~~~

Some suggestions to improve computer performance:

 

Slow PC? Optimize your computer for peak performance

http://www.microsoft.com/athome/moredone/optimize.mspx

 

Speed up your PC: Automate your computer maintenance schedule

http://www.microsoft.com/athome/moredone/maintenance.mspx

 

 

Good luck, ohmygosh18!!

Edited by Aaflac

Share this post


Link to post
Share on other sites

It appears that the malware issue presented is resolved, therefore the topic is closed.

 

Please send me or any Moderator a Personal Message (PM) with this topic's link if there is a reason to re-open it.

 

 

Thanks.

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×