Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

« previous next »
Pages: [1]   Go Down

Author Topic: Girlfriend's computer running slow  (Read 10713 times)

0 Members and 1 Guest are viewing this topic.

NJDAVE

    Topic Starter


    Rookie

    Girlfriend's computer running slow
    « on: May 17, 2010, 07:32:56 AM »
    Hi,

    My girlfriend's computer recently began running very slowly.  I suspect that she's picked up some sort of malware and have followed the steps outlined here on your Bboard. 

    Her computer is running Windows XP Professional Version 2002, Service Pack 3 on an Intel Pentium 4 2.80 Ghz with 1 GB of RAM.

    She has been using Norton (Norton 360) for several years as her anti-virus software.

    Below you'll find the logs for SuperAntispyware, Anti-Malware and HijackThis.
    Thank you so much for taking the time to review, analyze and help with our problem.

    David


    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 05/17/2010 at 03:40 AM

    Application Version : 4.37.1000

    Core Rules Database Version : 4940
    Trace Rules Database Version: 2752

    Scan type       : Complete Scan
    Total Scan Time : 11:04:59

    Memory items scanned      : 614
    Memory threats detected   : 0
    Registry items scanned    : 5867
    Registry threats detected : 83
    File items scanned        : 121135
    File threats detected     : 187

    Adware.MyWay
       HKLM\Software\Classes\CLSID\{014DA6C1-189F-421a-88CD-07CFE51CFF10}
       HKCR\CLSID\{014DA6C1-189F-421A-88CD-07CFE51CFF10}
       HKCR\CLSID\{014DA6C1-189F-421A-88CD-07CFE51CFF10}
       HKCR\CLSID\{014DA6C1-189F-421A-88CD-07CFE51CFF10}\InprocServer32
       HKCR\CLSID\{014DA6C1-189F-421A-88CD-07CFE51CFF10}\InprocServer32#ThreadingModel
       HKCR\CLSID\{014DA6C1-189F-421A-88CD-07CFE51CFF10}\Programmable
       HKCR\CLSID\{014DA6C1-189F-421A-88CD-07CFE51CFF10}\TypeLib
       HKCR\TypeLib\{014DA6C0-189F-421a-88CD-07CFE51CFF10}
       HKCR\TypeLib\{014DA6C0-189F-421a-88CD-07CFE51CFF10}\1.0
       HKCR\TypeLib\{014DA6C0-189F-421a-88CD-07CFE51CFF10}\1.0\0
       HKCR\TypeLib\{014DA6C0-189F-421a-88CD-07CFE51CFF10}\1.0\0\win32
       HKCR\TypeLib\{014DA6C0-189F-421a-88CD-07CFE51CFF10}\1.0\FLAGS
       HKCR\TypeLib\{014DA6C0-189F-421a-88CD-07CFE51CFF10}\1.0\HELPDIR
       C:\PROGRAM FILES\MYSEARCH\BAR\1.BIN\S4BAR.DLL
       HKLM\Software\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}
       HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}
       HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}
       HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}\InprocServer32
       HKCR\CLSID\{03333333333314DA6C9-189F-421A-88CD-07CFE51CFF10}\InprocServer32#ThreadingModel
       HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}\Programmable
       HKCR\CLSID\{014DA6C9-189F-421A-88CD-07CFE51CFF10}\TypeLib
       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{014DA6C1-189F-421a-88CD-07CFE51CFF10}
       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C1-189F-421A-88CD-07CFE51CFF10}
       HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C9-189F-421A-88CD-07CFE51CFF10}
       HKU\S-1-5-21-1701104602-4116037204-4063646189-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C1-189F-421A-88CD-07CFE51CFF10}
       HKU\S-1-5-21-1701104602-4116037204-4063646189-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C9-189F-421A-88CD-07CFE51CFF10}
       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C1-189F-421A-88CD-07CFE51CFF10}
       HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C9-189F-421A-88CD-07CFE51CFF10}
       HKLM\Software\Microsoft\Internet Explorer\Toolbar#{014DA6C9-189F-421a-88CD-07CFE51CFF10}
       HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{014DA6C9-189F-421A-88CD-07CFE51CFF10}
       HKU\S-1-5-21-1701104602-4116037204-4063646189-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{014DA6C9-189F-421A-88CD-07CFE51CFF10}
       HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser#{014DA6C9-189F-421A-88CD-07CFE51CFF10}
       HKCR\MyWayToolBar.SettingsPlugin
       HKCR\MyWayToolBar.SettingsPlugin\CLSID
       HKCR\MyWayToolBar.SettingsPlugin\CurVer
       HKCR\MyWayToolBar.SettingsPlugin.1
       HKCR\MyWayToolBar.SettingsPlugin.1\CLSID
       HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}
       HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\Control
       HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32
       HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\InprocServer32#ThreadingModel
       HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus
       HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\MiscStatus\1
       HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\ProgID
       HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\Programmable
       HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\TypeLib
       HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\Version
       HKCR\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}\VersionIndependentProgID
       HKLM\Software\MyWay
       HKLM\Software\MyWay\myBar
       HKLM\Software\MyWay\myBar#MySearchSettingsDir
       HKLM\Software\MyWay\myBar#Dir
       HKLM\Software\MyWay\myBar#ShzmCurInstall
       HKLM\Software\MyWay\myBar#sr
       HKLM\Software\MyWay\myBar#pl
       HKLM\Software\MyWay\myBar\Partner
       HKLM\Software\MyWay\myBar\Partner#test
       HKLM\Software\MyWay\myBar\Partner#PM-Home
       HKLM\Software\MyWay\myBar\Partner#PM-Points
       HKLM\Software\MyWay\myBar\Partner#PM-Redeem
       HKLM\Software\MyWay\myBar\Partner#PM-Wallet
       HKLM\Software\MyWay\myBar\Partner#PM-Settings
       C:\Program Files\MyWay\myBar\0.bin
       C:\Program Files\MyWay\myBar
       C:\Program Files\MyWay
       HKCR\Interface\{014DA6C4-189F-421A-88CD-07CFE51CFF10}
       HKCR\Interface\{014DA6C4-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid
       HKCR\Interface\{014DA6C4-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid32
       HKCR\Interface\{014DA6C4-189F-421A-88CD-07CFE51CFF10}\TypeLib
       HKCR\Interface\{014DA6C4-189F-421A-88CD-07CFE51CFF10}\TypeLib#Version
       HKCR\Interface\{014DA6C6-189F-421A-88CD-07CFE51CFF10}
       HKCR\Interface\{014DA6C6-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid
       HKCR\Interface\{014DA6C6-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid32
       HKCR\Interface\{014DA6C6-189F-421A-88CD-07CFE51CFF10}\TypeLib
       HKCR\Interface\{014DA6C6-189F-421A-88CD-07CFE51CFF10}\TypeLib#Version
       HKCR\Interface\{014DA6CA-189F-421A-88CD-07CFE51CFF10}
       HKCR\Interface\{014DA6CA-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid
       HKCR\Interface\{014DA6CA-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid32
       HKCR\Interface\{014DA6CA-189F-421A-88CD-07CFE51CFF10}\TypeLib
       HKCR\Interface\{014DA6CA-189F-421A-88CD-07CFE51CFF10}\TypeLib#Version
       HKCR\Interface\{014DA6CC-189F-421A-88CD-07CFE51CFF10}
       HKCR\Interface\{014DA6CC-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid
       HKCR\Interface\{014DA6CC-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid32
       HKCR\Interface\{014DA6CC-189F-421A-88CD-07CFE51CFF10}\TypeLib
       HKCR\Interface\{014DA6CC-189F-421A-88CD-07CFE51CFF10}\TypeLib#Version

    PerfectNavBHO Class BHO
       HKU\S-1-5-21-1701104602-4116037204-4063646189-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00D6A7E7-4A97-456F-848A-3B75BF7554D7}

    Adware.Tracking Cookie
       C:\Documents and Settings\Christine\Cookies\[email protected][2].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@247realmedia[2].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@2o7[2].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][2].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][2].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][2].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][2].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][2].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@adbrite[1].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@adinterax[2].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@adlegend[1].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][2].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][1].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@adrevolver[1].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@adrevolver[3].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][2].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][2].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][2].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][2].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][2].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][1].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][2].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@advertising[1].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][1].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][2].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@apmebf[1].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][1].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@atdmt[1].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@atwola[2].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@bluestreak[1].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][2].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@burstnet[2].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][1].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][2].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@casalemedia[2].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][1].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][2].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][1].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@clicksense[1].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@collective-media[1].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][1].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@doubleclick[1].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][1].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][1].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][1].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][1].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@fastclick[1].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@hitbox[2].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][1].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@indextools[2].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@insightexpressai[1].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@interclick[1].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][2].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@media6degrees[2].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@mediaplex[1].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][1].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][1].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@overture[1].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@partner2profit[2].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][1].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@questionmarket[2].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@realmedia[2].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@revsci[2].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][1].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@screensavers[2].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@serving-sys[1].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@socialmedia[1].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@specificclick[2].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@specificmedia[2].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][2].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@statcounter[1].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][2].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][2].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@tacoda[1].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@tradedoubler[1].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][1].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@trafficmp[1].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@tribalfusion[2].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][1].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][1].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][1].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][2].txt
       C:\Documents and Settings\Adriana\Cookies\[email protected][1].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@yieldmanager[1].txt
       C:\Documents and Settings\Adriana\Cookies\adriana@zedo[2].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@2o7[1].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@2o7[3].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][2].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][1].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][1].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][2].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][1].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][2].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][2].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@adbrite[2].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@adbureau[1].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@adecn[1].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][2].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@adrevolver[1].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][2].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][1].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][1].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][2].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][2].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][1].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@apmebf[1].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@apmebf[2].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][1].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][3].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][1].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][3].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@atwola[2].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@backcountry[1].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][1].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][3].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@burstnet[2].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][1].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][1].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][3].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@chitika[1].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@chitika[2].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@collective-media[1].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][1].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][2].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][3].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][5].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][2].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][2].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][2].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][1].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@eyewonder[1].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@fastclick[1].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@fastclick[2].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@imrworldwide[2].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@insightexpressai[2].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@insightexpressai[3].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@interclick[1].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@interclick[2].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@invitemedia[2].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][1].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@media6degrees[1].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@mediaforgews[1].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][1].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][1].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@overture[2].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][1].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@pointroll[1].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@qnsr[1].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@qnsr[2].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@questionmarket[2].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@realmedia[1].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@revsci[1].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@revsci[2].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][1].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][2].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][1].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][2].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][3].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][5].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@serving-sys[1].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@serving-sys[2].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@specificclick[2].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@specificclick[3].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@specificmedia[1].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@specificmedia[2].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@statcounter[2].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@tacoda[1].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@tacoda[2].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@thefind[1].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@trafficmp[1].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@trafficmp[2].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@tribalfusion[1].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@tribalfusion[2].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][1].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][2].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][1].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][1].txt
       C:\Documents and Settings\Andrew\Cookies\[email protected][1].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@yieldmanager[1].txt
       C:\Documents and Settings\Andrew\Cookies\andrew@zedo[1].txt

    Adware.Cydoor
       HKU\S-1-5-21-1701104602-4116037204-4063646189-1005\Software\Cydoor

    Application.PowerReg Scheduler
       C:\DOCUMENTS AND SETTINGS\ADRIANA\START MENU\PROGRAMS\STARTUP\POWERREG SCHEDULER V3.EXE
       C:\DOCUMENTS AND SETTINGS\ANDREW\START MENU\PROGRAMS\STARTUP\POWERREG SCHEDULER V3.EXE

    Application.Agent/Gen-TempZ
       C:\SYSTEM VOLUME INFORMATION\_RESTORE{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1200\A0470638.EXE



    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4108

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    5/17/2010 7:46:01 AM
    mbam-log-2010-05-17 (07-46-01).txt

    Scan type: Quick scan
    Objects scanned: 148756
    Time elapsed: 20 minute(s), 36 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 12
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 7
    Files Infected: 21

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\mysearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\mysearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{014da6cb-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{1ec6f220-cb13-42f5-8f3a-62fdac00a891} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{0494d0da-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{0494d0dc-f8e0-41ad-92a3-14154ece70ac} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{1ec6f221-cb13-42f5-8f3a-62fdac00a891} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1ec6f222-cb13-42f5-8f3a-62fdac00a891} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Search Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Program Files\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar\setups (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Program Files\MySearch\bar\1.bin\MYBAREX.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar\1.bin\MYSEARCHPLUGINPROXY.CLASS (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar\1.bin\MYWAYPLUGINPROXY.CLASS (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar\1.bin\NPMYSRCH.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar\1.bin\NPMYWAY.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar\1.bin\PARTNER.BMP (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar\1.bin\PARTNER.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar\1.bin\S42NS.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar\1.bin\UNINSTALL.INF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar\1.bin\UNINSTALL.OLD (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar\Cache\000400E7.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar\Cache\00041B25.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar\Cache\00041E42.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar\Cache\000B71EE.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar\Cache\000B8B33.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar\Cache\000B8E7F.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar\Cache\001031EF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar\Cache\004379CD.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar\Cache\00437F0D.bmp (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\MySearch\bar\History\search (Adware.MyWebSearch) -> Quarantined and deleted successfully.



    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:13:36 AM, on 5/17/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
    C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
    C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: Verizon Broadband Toolbar - {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - C:\WINDOWS\DOWNLO~1\vzbb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
    O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
    O4 - HKLM\..\Run: [NSWosCheck] C:\Program Files\Norton SystemWorks\osCheck.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
    O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: NETGEAR WNA1100 Smart Wizard.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: JumpStart Wi-Fi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
    O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
    O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O23 - Service: WSWNA1100 - Unknown owner - C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 12977 bytes
    Logged

    Dr Jay

    • Malware Removal Specialist


      • Specialist
    • Moderator emeritus
      • Thanked: 119
    • Experience: Guru
    • OS: Windows 10
    Re: Girlfriend's computer running slow
    « Reply #1 on: May 18, 2010, 11:21:27 PM »
    Hello, and welcome to Computer Hope.

    Please note the following information about the malware forum:
    • Only the Malware Specialist Team is allowed to give advice on removing malware from your computer.
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic you were helped.
    • We try our best to reply quickly, but for any reason we do not reply in two days, reply to this topic with the word BUMP
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Please visit this webpage for a tutorial on downloading and running ComboFix:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    See the area: Using ComboFix, and when done, post the log back here.
    Logged
    ~Dr Jay

    NJDAVE

      Topic Starter


      Rookie

      Re: Girlfriend's computer running slow
      « Reply #2 on: May 19, 2010, 12:29:02 PM »
      Thanks for the help DragonMaster.

      I've run ComboFix.  Here's the log...


      ComboFix 10-05-17.05 - Christine 05/19/2010  10:07:42.1.1 - x86
      Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1023.575 [GMT -4:00]
      Running from: c:\documents and settings\Christine\Desktop\ComboFix.exe
      .

      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\program files\Altnet
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\bzip2.xmd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\cab.xmd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\ceva_dll.cvd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\cevakrnl.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\cevakrnl.cvd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\cevakrnl.ivd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\cevakrnl.rvd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\cevakrnl.xmd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\cran.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\cran.cvd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\cran.xmd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\dbx.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\dbx.xmd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\emalware.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\emalware.cvd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\emalware.ivd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\epoc.xmd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\gzip.xmd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\html.xmd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\java.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\java.cvd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\mdx.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\mdx.xmd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\mdx_97.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\mdx_97.ivd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\mdx_w95.cvd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\mdx_x95.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\mdx_x95.cvd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\mime.xmd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\na.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\na.cvd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\nelf.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\nelf.cvd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\pdf.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\pdf.xmd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\pst.xmd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\rup.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\rup.cvd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\sdx.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\sdx.ivd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\sfx.xmd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\tar.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\tar.xmd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\unpack.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\unpack.cvd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\unpack.ivd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\unpack.xmd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\update.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\update.txt.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\ve.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\ve.cvd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\ve.xmd.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\zip.cab
      c:\program files\Altnet\My Altnet Shares\Bullguard Protection\zip.xmd.cab
      c:\windows\system32\cd_clint.dll
      c:\windows\system32\Data
      c:\windows\system32\fonts
      c:\windows\system32\fonts\ACADEMY_.PFB
      c:\windows\system32\fonts\ACADEMY_.PFM
      c:\windows\system32\fonts\ACADEMY_.TTF

      .
      (((((((((((((((((((((((((   Files Created from 2010-04-19 to 2010-05-19  )))))))))))))))))))))))))))))))
      .

      2010-05-17 13:10 . 2010-05-17 13:10   388096   ----a-r-   c:\documents and settings\Christine\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
      2010-05-17 12:13 . 2010-05-17 12:13   503808   ----a-w-   c:\documents and settings\Christine\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e540a80-n\msvcp71.dll
      2010-05-17 12:13 . 2010-05-17 12:13   499712   ----a-w-   c:\documents and settings\Christine\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e540a80-n\jmc.dll
      2010-05-17 12:13 . 2010-05-17 12:13   12800   ----a-w-   c:\documents and settings\Christine\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-54b3fce8-n\decora-d3d.dll
      2010-05-17 12:13 . 2010-05-17 12:13   61440   ----a-w-   c:\documents and settings\Christine\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-54b3fce8-n\decora-sse.dll
      2010-05-17 12:13 . 2010-05-17 12:13   348160   ----a-w-   c:\documents and settings\Christine\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4e540a80-n\msvcr71.dll
      2010-05-17 12:12 . 2010-05-17 12:12   --------   d-----w-   c:\program files\Common Files\Java
      2010-05-17 12:11 . 2010-05-17 12:10   411368   ----a-w-   c:\windows\system32\deployJava1.dll
      2010-05-17 12:10 . 2010-05-17 12:10   --------   d-----w-   c:\program files\Java
      2010-05-17 11:14 . 2010-05-17 11:14   --------   d-----w-   c:\documents and settings\Christine\Application Data\Malwarebytes
      2010-05-17 11:14 . 2010-04-29 19:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
      2010-05-17 11:14 . 2010-05-17 11:14   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
      2010-05-17 11:14 . 2010-04-29 19:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2010-05-17 11:14 . 2010-05-17 11:14   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
      2010-05-16 20:32 . 2010-05-16 20:32   63488   ----a-w-   c:\documents and settings\Christine\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
      2010-05-16 20:32 . 2010-05-16 20:32   52224   ----a-w-   c:\documents and settings\Christine\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
      2010-05-16 20:32 . 2010-05-16 20:32   117760   ----a-w-   c:\documents and settings\Christine\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
      2010-05-16 20:31 . 2010-05-16 20:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
      2010-05-16 20:30 . 2010-05-16 20:30   --------   d-----w-   c:\program files\SUPERAntiSpyware
      2010-05-16 20:30 . 2010-05-16 20:30   --------   d-----w-   c:\documents and settings\Christine\Application Data\SUPERAntiSpyware.com
      2010-05-16 20:29 . 2010-05-16 20:29   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
      2010-05-16 20:19 . 2010-05-16 20:19   --------   d-----w-   c:\program files\CCleaner
      2010-05-16 00:14 . 2010-05-16 00:14   --------   d--h--w-   c:\documents and settings\All Users\Application Data\Atheros
      2010-05-16 00:09 . 2010-05-16 00:09   --------   d-----w-   C:\temp
      2010-05-16 00:08 . 2010-05-16 00:08   --------   d-----w-   c:\documents and settings\Christine\Application Data\InstallShield

      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-05-16 20:08 . 2005-02-19 17:50   --------   d-----w-   c:\program files\Spybot - Search & Destroy
      2010-05-16 20:05 . 2005-02-19 17:50   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
      2010-05-16 00:10 . 2010-05-16 00:10   --------   d-----w-   c:\program files\NETGEAR
      2010-05-16 00:10 . 2003-04-24 17:59   --------   d--h--w-   c:\program files\InstallShield Installation Information
      2010-04-27 13:37 . 2009-01-13 06:00   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple
      2010-04-17 22:03 . 2007-08-07 16:44   --------   d-----w-   c:\program files\Verizon
      2010-04-01 00:00 . 2009-11-14 02:42   --------   d-----w-   c:\program files\Common Files\Motive
      2010-03-10 06:15 . 2002-08-29 10:00   420352   ----a-w-   c:\windows\system32\vbscript.dll
      2010-02-25 06:24 . 2004-08-24 00:32   916480   ----a-w-   c:\windows\system32\wininet.dll
      2010-02-24 13:11 . 2002-08-29 10:00   455680   ----a-w-   c:\windows\system32\drivers\mrxsmb.sys
      2003-05-05 20:19 . 2003-05-05 20:19   32   --sha-w-   c:\windows\{1E36A098-0459-4B20-A91A-F4A40F9F8F13}.dat
      2003-05-05 20:25 . 2003-05-05 20:25   32   --sha-w-   c:\windows\{4E0991FE-496F-4F20-8818-D209578B9635}.dat
      2003-05-05 20:25 . 2003-05-05 20:25   32   --sha-w-   c:\windows\{6784EBDA-8346-4398-A166-DA9341B1455E}.dat
      2003-05-05 20:25 . 2003-05-05 20:25   32   --sha-w-   c:\windows\{A5F31206-5DFA-458F-BC81-13FC02DF332D}.dat
      2003-05-05 20:25 . 2003-05-05 20:25   32   --sha-w-   c:\windows\SYSTEM32\{774FDFB9-86D5-476E-9E92-E48BD0A6E420}.dat
      2003-05-05 20:25 . 2003-05-05 20:25   32   --sha-w-   c:\windows\SYSTEM32\{9FC3E2F6-2F3C-48A3-AA6A-C4C58C007F14}.dat
      2003-05-05 20:25 . 2003-05-05 20:25   32   --sha-w-   c:\windows\SYSTEM32\{C08294F6-AFEF-4301-9622-2E70DB4166F1}.dat
      2003-05-05 20:19 . 2003-05-05 20:19   32   --sha-w-   c:\windows\SYSTEM32\{D9BF23EA-5373-4395-9EAC-7C239ACA05BD}.dat
      .

      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
      "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
      "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-09-25 290816]
      "diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
      "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
      "DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-14 28672]
      "MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 241714]
      "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2003-04-24 151597]
      "AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
      "Dell AIO Printer A940"="c:\program files\Dell AIO Printer A940\dlbabmgr.exe" [2003-02-17 86102]
      "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
      "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
      "Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
      "VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2007-05-11 2061816]
      "NSWosCheck"="c:\program files\Norton SystemWorks\osCheck.exe" [2007-12-03 25472]
      "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
      "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-21 177472]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2006-09-02 100032]

      c:\documents and settings\Andrew\Start Menu\Programs\Startup\
      Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

      c:\documents and settings\All Users\Start Menu\Programs\Startup\
      America Online 8.0 Tray Icon.lnk - c:\program files\America Online 8.0\aoltray.exe [2003-4-24 36939]
      Exif Launcher.lnk - c:\program files\FinePixViewer\QuickDCF.exe [2006-7-11 282624]
      NETGEAR WNA1100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA1100\WNA1100.exe [2010-5-15 4562944]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      2009-09-03 19:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
      @="FSFilter Activity Monitor"

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
      "c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=

      R3 2388f077-6cc9-493a-988d-f6f4b56d9f91;2388f077-6cc9-493a-988d-f6f4b56d9f91;e:\cds300\cds300.dll

      R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNA1100\jswpsapi.exe [2009-11-05 360529]
      S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0308000.029\SYMEFA.SYS [2009-08-22 310320]
      S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-08-22 259632]
      S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-08-22 482432]
      S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100505.001\IDSxpx86.sys [2009-10-28 329592]
      S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
      S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-06 68168]
      S2 N360;Norton 360;c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2009-08-22 117640]
      S2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [2005-11-04 95832]
      S2 WSWNA1100;WSWNA1100;c:\program files\NETGEAR\WNA1100\WifiSvc.exe [2009-11-27 278528]
      S3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athuw.sys [2009-11-25 1710944]
      S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-27 102448]
      S3 JSWSCIMD;jswscimd Service;c:\windows\system32\DRIVERS\jswscimd.sys [2008-09-25 57440]


      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
      2009-03-08 08:32   128512   ----a-w-   c:\windows\SYSTEM32\advpack.dll
      .
      Contents of the 'Scheduled Tasks' folder

      2010-05-14 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

      2003-05-01 c:\windows\Tasks\ISP signup reminder 1.job
      - c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]

      2010-02-22 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
      - c:\program files\Norton SystemWorks\OBC.exe [2007-12-23 06:41]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
      uInternet Connection Wizard,ShellNext = wmplayer.exe
      uInternet Settings,ProxyOverride = *.local
      uSearchAssistant =
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
      DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
      DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
      .
      - - - - ORPHANS REMOVED - - - -

      HKCU-Run-Aim6 - (no file)
      HKLM-Run-jswtrayutil - c:\program files\NETGEAR\WNA1100\jswtrayutil.exe



      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-05-19 10:17
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ... 

      scanning hidden autostart entries ...

      scanning hidden files ... 

      scan completed successfully
      hidden files: 0

      **************************************************************************

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
      "ImagePath"="\"c:\program files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.8.0.41\diMaster.dll\" /prefetch:1"
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'winlogon.exe'(504)
      c:\program files\SUPERAntiSpyware\SASWINLO.dll
      c:\windows\system32\WININET.dll
      c:\windows\system32\athgina.dll
      .
      Completion time: 2010-05-19  10:22:57
      ComboFix-quarantined-files.txt  2010-05-19 14:22

      Pre-Run: 106,454,638,592 bytes free
      Post-Run: 106,868,166,656 bytes free

      WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

      - - End Of File - - 50DE3D8AE3F58E0C1B7268CFA7B60C83
      Logged

      Dr Jay

      • Malware Removal Specialist


        • Specialist
      • Moderator emeritus
        • Thanked: 119
      • Experience: Guru
      • OS: Windows 10
      Re: Girlfriend's computer running slow
      « Reply #3 on: May 19, 2010, 05:50:59 PM »
      Please download Malwarebytes Anti-Malware from Malwarebytes.org.
      Alternate link: BleepingComputer.com.
      (Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

      Double Click mbam-setup.exe to install the application.

      (Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)
      • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
      • If an update is found, it will download and install the latest version.
      • Once the program has loaded, select "Perform Full Scan", then click Scan.
      • The scan may take some time to finish,so please be patient.
      • When the scan is complete, click OK, then Show Results to view the results.
      • Make sure that everything is checked, and click Remove Selected.
      • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
      • Please save the log to a location you will remember.
      • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
      • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
      • Copy and paste the entire report in your next reply.
      Logged
      ~Dr Jay

      NJDAVE

        Topic Starter


        Rookie

        Re: Girlfriend's computer running slow
        « Reply #4 on: May 20, 2010, 05:35:30 AM »
        OK, I've run Anti-Malware.  It said it found 1 infection and that's now been cleaned.

        Here's the log...

        Malwarebytes' Anti-Malware 1.46
        www.malwarebytes.org

        Database version: 4118

        Windows 5.1.2600 Service Pack 3
        Internet Explorer 8.0.6001.18702

        5/20/2010 6:52:23 AM
        mbam-log-2010-05-20 (06-52-23).txt

        Scan type: Full scan (C:\|)
        Objects scanned: 256590
        Time elapsed: 2 hour(s), 9 minute(s), 46 second(s)

        Memory Processes Infected: 0
        Memory Modules Infected: 0
        Registry Keys Infected: 0
        Registry Values Infected: 0
        Registry Data Items Infected: 0
        Folders Infected: 0
        Files Infected: 1

        Memory Processes Infected:
        (No malicious items detected)

        Memory Modules Infected:
        (No malicious items detected)

        Registry Keys Infected:
        (No malicious items detected)

        Registry Values Infected:
        (No malicious items detected)

        Registry Data Items Infected:
        (No malicious items detected)

        Folders Infected:
        (No malicious items detected)

        Files Infected:
        C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1238\A0493165.DLL (Adware.MywaySearch) -> Quarantined and deleted successfully.
        Logged

        Dr Jay

        • Malware Removal Specialist


          • Specialist
        • Moderator emeritus
          • Thanked: 119
        • Experience: Guru
        • OS: Windows 10
        Re: Girlfriend's computer running slow
        « Reply #5 on: May 20, 2010, 08:56:21 AM »
        Please run a free online scan with the ESET Online Scanner
        • Tick the box next to YES, I accept the Terms of Use
        • Click Start
        • When asked, allow the ActiveX control to install
        • Click Start
        • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
        • Click Scan (This scan can take several hours, so please be patient)
        • Once the scan is completed, you may close the window
        • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
        • Copy and paste that log as a reply to this topic
        Logged
        ~Dr Jay

        NJDAVE

          Topic Starter


          Rookie

          Re: Girlfriend's computer running slow
          « Reply #6 on: May 20, 2010, 03:11:49 PM »
          Hi DragonMaster,

          I've run the ESET Online Scanner.  It said it found 8 infections and cleaned them up. Here's the log...



          ESETSmartInstaller@High as CAB hook log:
          OnlineScanner.ocx - registred OK
          esets_scanner_update returned -1 esets_gle=1
          # version=7
          # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
          # OnlineScanner.ocx=1.0.0.6211
          # api_version=3.0.2
          # EOSSerial=4d1d200726e03741b46ead27c26a3dc1
          # end=finished
          # remove_checked=true
          # archives_checked=false
          # unwanted_checked=true
          # unsafe_checked=false
          # antistealth_checked=true
          # utc_time=2010-05-20 09:05:24
          # local_time=2010-05-20 05:05:24 (-0500, Eastern Daylight Time)
          # country="United States"
          # lang=1033
          # osver=5.1.2600 NT Service Pack 3
          # compatibility_mode=512 16777215 100 0 20001358 20001358 0 0
          # compatibility_mode=3589 16777189 100 100 1076670 22521034 0 0
          # compatibility_mode=8192 67108863 100 0 0 0 0 0
          # scanned=122515
          # found=8
          # cleaned=8
          # scan_time=17333
          C:\Documents and Settings\Adriana\Desktop\MUSIC\Music, Gone a Bit Wild\Rando Dance\breathe life liquid nation - greatest hits.mp3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)   00000000000000000000000000000000   C
          C:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_suite_install\6.1.41.2\setup.exe   probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
          C:\RECYCLER\NPROTECT\00247867.MP3   a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined)   00000000000000000000000000000000   C
          C:\RECYCLER\NPROTECT\00247904.exe   probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
          C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1238\A0493154.DLL   Win32/Adware.ExactSearch.A application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
          C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1238\A0493164.DLL   Win32/Adware.MyWaySpeed application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
          C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP1238\A0494264.exe   probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
          C:\WINDOWS\Downloaded Program Files\vzbb.dll   Win32/Adware.MegaSearch application (cleaned by deleting (after the next restart) - quarantined)   00000000000000000000000000000000   C
          Logged

          Dr Jay

          • Malware Removal Specialist


            • Specialist
          • Moderator emeritus
            • Thanked: 119
          • Experience: Guru
          • OS: Windows 10
          Re: Girlfriend's computer running slow
          « Reply #7 on: May 20, 2010, 04:36:30 PM »
          Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
          • Select Start > All Programs > Accessories > System tools > System Restore.
          • On the dialogue box that appears select Create a Restore Point
          • Click NEXT
          • Enter a name e.g. Clean
          • Click CREATE
          You now have a clean restore point, to get rid of the bad ones:
          • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
          • In the Drop down box that appears select your main drive e.g. C
          • Click OK
          • The System will do some calculation and the display a dialogue box with TABS
          • Select the More Options Tab.
          • At the bottom will be a system restore box with a CLEANUP button click this
          • Accept the Warning and select OK again, the program will close and you are done
          To remove all of the tools we used and the files and folders they created, please do the following:
          Please download OTC.exe by OldTimer:
          • Save it to your Desktop.
          • Double click OTC.exe.
          • Click the CleanUp! button.
          • If you are prompted to Reboot during the cleanup, select Yes.
          • The tool will delete itself once it finishes.
          Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

          ==

          Please download TFC by OldTimer to your desktop
          • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
          • It will close all programs when run, so make sure you have saved all your work before you begin.
          • Click the Start
            button to begin the process. Depending on how often you clean temp
            files, execution time should be anywhere from a few seconds to a minute
            or two. Let it run uninterrupted to completion.
          • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
          ==

          Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
          • Save it to your Desktop.
          • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
          • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
          Logged
          ~Dr Jay

          NJDAVE

            Topic Starter


            Rookie

            Re: Girlfriend's computer running slow
            « Reply #8 on: May 20, 2010, 07:53:30 PM »
            OK, I've followed all of the latest steps and have included the log for Security Check below.

            If you don't mind, I'd like to get your opinion on Norton 360.  I've never been too impressed with the Norton anti-virus products. They seem to use a lot of system resources and in the end they don't seem to protect very well.  I'd like to give my girlfriend some other anti-virus suggestions as she's now not too happy with Norton either.  Any info and/or suggestions would be appreciated.

            Thanks for your help.


             Results of screen317's Security Check version 0.99.4 
             Windows XP Service Pack 3 
             Internet Explorer 8 
            ``````````````````````````````
            Antivirus/Firewall Check:
             Windows Firewall Disabled! 
             ESET Online Scanner v3   
             Norton 360     
             Antivirus up to date! (On Access scanning disabled!)
            ```````````````````````````````
            Anti-malware/Other Utilities Check:
             Malwarebytes' Anti-Malware   
             CCleaner     
             Java(TM) 6 Update 20 
             Adobe Flash Player   
            ````````````````````````````````
            Process Check: 
            objlist.exe by Laurent
             Norton ccSvcHst.exe
            ````````````````````````````````
            DNS Vulnerability Check:
             GREAT! (Not vulnerable to DNS cache poisoning)

            ``````````End of Log````````````
            Logged

            Dr Jay

            • Malware Removal Specialist


              • Specialist
            • Moderator emeritus
              • Thanked: 119
            • Experience: Guru
            • OS: Windows 10
            Re: Girlfriend's computer running slow
            « Reply #9 on: May 20, 2010, 09:14:30 PM »
            I cannot say Norton 360 is bad necessarily, but there are better solutions.

            I fully recommend Kaspersky Internet Security: http://www.kaspersky.com

            Or Avira Antivir Premium: http://www.avira.com


            Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

            Software recommendations

            AntiSpyware
            • SpywareBlaster
              SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
            • Spybot - Search & Destroy.
              Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).
            NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

            Resident Protection help
            A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

            Rogue programs help
            There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
            http://www.spywarewarrior.com/rogue_anti-spyware.htm

            Securing your computer
            • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft.  To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
            • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
            Please consider using an alternate browser
            Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

            If you are interested:
            See this page for more info about malware and prevention.
            Logged
            ~Dr Jay

            NJDAVE

              Topic Starter


              Rookie

              Re: Girlfriend's computer running slow
              « Reply #10 on: May 21, 2010, 07:08:59 AM »
              DragonMaster Jay,

              Thanks for the info on anti-virus and anti-spyware.

              I'm playing around with the machine in question and it still seems to be responding slowly.  I also noticed that when Internet Explorer is running, there are two instances of the iexplore.exe process listed in the task manager. They both go away as soon as I exit from IExplorer.  Is this normal?

              Thanks,

              David
              Logged

              Dr Jay

              • Malware Removal Specialist


                • Specialist
              • Moderator emeritus
                • Thanked: 119
              • Experience: Guru
              • OS: Windows 10
              Re: Girlfriend's computer running slow
              « Reply #11 on: May 21, 2010, 01:20:29 PM »
              Yes it is normal.

              If operations are slow, try closing programs (when not used) that impact performance.

              To name a few:
              -P2P
              -Messenger
              -Additional web browsers
              -Music player
              Logged
              ~Dr Jay

              NJDAVE

                Topic Starter


                Rookie

                Re: Girlfriend's computer running slow
                « Reply #12 on: May 22, 2010, 06:03:51 AM »
                OK. 

                Thanks so much for your help!

                David
                Logged

                Dr Jay

                • Malware Removal Specialist


                  • Specialist
                • Moderator emeritus
                  • Thanked: 119
                • Experience: Guru
                • OS: Windows 10
                Re: Girlfriend's computer running slow
                « Reply #13 on: May 22, 2010, 09:48:52 AM »
                You're welcome.
                Logged
                ~Dr Jay
                Pages: [1]   Go Up
                « previous next »