Possible remnants of tro.gen, browser redirects, slow when using IE, crashes etc.


joymor (Thread Starter) - Joined Jan 6, 2011 - Messages: 4
Ad-Aware identified tro.gen and quarantined it a few days ago. Programs are crashing sporadically, Internet Explorer redirects and is very slow, pop-ups galore.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:04:55 , on 2011-01-06
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\netdde.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\PCPitstop\PC MaticRT\PCPitstopRTService.exe
C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINNT\System32\vssvc.exe
C:\WINNT\system32\wbem\wmiapsrv.exe
C:\WINNT\System32\dmadmin.exe
C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
C:\WINNT\Explorer.EXE
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\real\realplayer\update\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\PCPitstop\PC MaticRT\PCMaticRT.exe
C:\WINNT\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.singsnap.com/snap/account/entrance
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\IPSBHO.DLL
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINNT\system32\InetCntrl\PopupKil\BsafeBHO.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [HostManager] ;
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Clear Fields - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Identities Editor - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
O8 - Extra context menu item: Logoff - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
O8 - Extra context menu item: Passcards Editor - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
O8 - Extra context menu item: Reset Fields - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
O8 - Extra context menu item: RoboForm Options - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O8 - Extra context menu item: RoboForm TaskBar Icon - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Save Page As PDF ... - file://C:\Program Files\Nitro PDF\PDF Download\nitroweb.htm
O8 - Extra context menu item: Set Fields - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O9 - Extra 'Tools' menuitem: RoboForm Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
O9 - Extra button: Customize - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra 'Tools' menuitem: Customize Menu - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O9 - Extra button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra 'Tools' menuitem: RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
O15 - Trusted Zone: http://*.download.microsoft.com
O15 - Trusted Zone: *.windowsupdate.microsoft.com%20http
O15 - Trusted Zone: http://*.update.microsoft.com
O15 - Trusted Zone: *.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - http://www.worldwinner.com/games/v48/brickout/brickout.cab
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v50/pool/pool.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} (SolitaireRush Control) - http://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} - http://www.worldwinner.com/games/v52/wwhearts/wwhearts.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - http://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} - http://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - http://www.worldwinner.com/games/v50/jeopardy/jeopardy.cab
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} - http://www.worldwinner.com/games/v57/cubis/cubis.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://a248.e.akamai.net/f/248/5462...img/operations/symbizpr/xcontrol/SymDlBrg.cab
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - http://www.worldwinner.com/games/v41/hangman/hangman.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - http://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v43/paint/paint.cab
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.13.0.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://ev1-0.driverguide.net/DGTx.CAB
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PCPitstop Realtime - PC Pitstop LLC - C:\Program Files\PCPitstop\PC MaticRT\PCPitstopRTService.exe
O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files\PCPitstop\PCPitstopScheduleService.exe

--
End of file - 16222 bytes


DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 17:57:58.82 on 2011-01-06
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3055.1983 [GMT -5:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINNT\system32\svchost -k DcomLaunch
svchost.exe
C:\WINNT\System32\svchost.exe -k netsvcs
C:\WINNT\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINNT\System32\svchost.exe -k eapsvcs
svchost.exe
C:\WINNT\System32\svchost.exe -k dot3svc
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINNT\system32\spoolsv.exe
svchost.exe
C:\WINNT\system32\netdde.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINNT\system32\svchost.exe -k hpdevmgmt
C:\WINNT\System32\svchost.exe -k HTTPFilter
C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
C:\WINNT\System32\svchost.exe -k HPZ12
C:\Program Files\PCPitstop\PC MaticRT\PCPitstopRTService.exe
C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
C:\WINNT\System32\svchost.exe -k HPZ12
C:\WINNT\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\WINNT\system32\wbem\wmiapsrv.exe
C:\WINNT\System32\dmadmin.exe
C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
C:\WINNT\Explorer.EXE
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\real\realplayer\update\realsched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\PCPitstop\PC MaticRT\PCMaticRT.exe
C:\WINNT\system32\dllhost.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.singsnap.com/snap/account/entrance
uSearch Page =
uSearch Bar =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.1.0.37\IPSBHO.DLL
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Bsecure Popup Blocker: {e0019445-4c1f-414d-a70e-ad80f231c584} - c:\winnt\system32\inetcntrl\popupkil\BsafeBHO.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {D593DE91-7B41-45C2-830E-E9A99AB142AA} - No File
TB: {4E7BD74F-2B8D-469E-DDF9-F165B897FA7D} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {34EA1C70-42CC-42C5-AA29-EC58B95A343E} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
EB: {0483894e-2422-45e0-8384-021aff1af3cd} - iOpus iMacros
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [AppVodBurner]
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [USB Storage Toolbox] c:\program files\usb disk win98 driver\Res.EXE
mRun: [HostManager] ;
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
dRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-system: HideShutdownScripts = 0 (0x0)
IE: &Search
IE: Clear Fields - file://c:\program files\siber systems\ai roboform\RoboFormComClearFields.html
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Identities Editor - file://c:\program files\siber systems\ai roboform\RoboFormComEditIdent.html
IE: Logoff - file://c:\program files\siber systems\ai roboform\RoboFormComLogoff.html
IE: Passcards Editor - file://c:\program files\siber systems\ai roboform\RoboFormComEditPass.html
IE: Reset Fields - file://c:\program files\siber systems\ai roboform\RoboFormComResetFields.html
IE: RoboForm Options - file://c:\program files\siber systems\ai roboform\RoboFormComOptions.html
IE: RoboForm TaskBar Icon - file://c:\program files\siber systems\ai roboform\RoboFormComTaskBarIcon.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Save Page As PDF ... - file://c:\program files\nitro pdf\pdf download\nitroweb.htm
IE: Set Fields - file://c:\program files\siber systems\ai roboform\RoboFormComSetFields.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - c:\program files\siber systems\ai roboform\RoboFormComOptions.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F51} - c:\program files\siber systems\ai roboform\RoboFormComTaskBarIcon.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
Trusted Zone: download.microsoft.com
Trusted Zone: ebay.com\cm
Trusted Zone: hotbot.com\www
Trusted Zone: microsoft.com\*.download
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com%20http\*.windowsupdate
Trusted Zone: ml.com\www19.benefits
Trusted Zone: ml.com\www26.benefits
Trusted Zone: net2phone.com\myaccount.nct
Trusted Zone: paypal.com\www
Trusted Zone: singsnap.com\www
Trusted Zone: smarttechniques.com\www
Trusted Zone: techniques.com\smart
Trusted Zone: tombola.com\us
Trusted Zone: update.microsoft.com
Trusted Zone: webkinz.com\www
Trusted Zone: windowsupdate.com
Trusted Zone: windowsupdate.microsoft.com
Trusted Zone: zzn.com\www.ebayqueen
DPF: Microsoft XML Parser for Java - file:///C:/WINNT/Java/classes/xmldso.cab
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - hxxp://www.worldwinner.com/games/v50/pool/pool.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} - hxxp://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} - hxxp://www.worldwinner.com/games/v52/wwhearts/wwhearts.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {61900274-3323-4446-BDCD-91548D32AF1B} - hxxp://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - hxxp://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v50/jeopardy/jeopardy.cab
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {97438FE9-D361-4279-BA82-98CC0877A717} - hxxp://www.worldwinner.com/games/v57/cubis/cubis.cab
DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - hxxp://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - hxxp://www.worldwinner.com/games/v41/hangman/hangman.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - hxxp://www.worldwinner.com/games/v43/paint/paint.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.13.0.cab
DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - hxxp://www.intel.com/design/motherbd/boardid/BoardID.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} - hxxp://ev1-0.driverguide.net/DGTx.CAB
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, dblstssp.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\dxrit3te.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.singsnap.com/snap/account/entrance
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\ksolo\npAVX.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\turntool\viewer\nptnt.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\IPSFFPlgn
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\siber systems\ai roboform\Firefox

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\winnt\system32\drivers\Lbd.sys [2009-6-27 64288]
R0 SymDS;Symantec Data Store;c:\winnt\system32\drivers\nav\1205000.07d\symds.sys [2011-1-6 340016]
R0 SymEFA;Symantec Extended File Attributes;c:\winnt\system32\drivers\nav\1205000.07d\symefa.sys [2011-1-6 652336]
R0 tffsport;M-Systems DiskOnChip 2000;c:\winnt\system32\drivers\tffsport.sys [2008-11-21 149376]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-12-13 691248]
R1 bsofrwl;bsofrwl;c:\winnt\system32\drivers\bsofrwl.sys [2007-12-8 23343]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 67656]
R1 sbaphd;sbaphd;c:\winnt\system32\drivers\sbaphd.sys [2010-12-22 21464]
R1 SymIRON;Symantec Iron Driver;c:\winnt\system32\drivers\nav\1205000.07d\ironx86.sys [2011-1-6 136312]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1389400]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.5.0.125\ccsvchst.exe [2011-1-6 130000]
R2 PCPitstop Realtime;PCPitstop Realtime;c:\program files\pcpitstop\pc maticrt\PCPitstopRTService.exe [2010-12-22 228352]
R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2010-12-4 90864]
R2 sbapifs;sbapifs;c:\winnt\system32\drivers\sbapifs.sys [2010-12-22 69976]
R2 SVKP;SVKP;c:\winnt\system32\SVKP.sys [2010-11-16 2368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-12-16 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20110104.001\IDSXpx86.sys [2011-1-5 341944]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20110106.003\NAVENG.SYS [2011-1-6 86008]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20110106.003\NAVEX15.SYS [2011-1-6 1360760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\winnt\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 DMUSBUSBDCam;Dual Mode USB Camera;c:\winnt\system32\drivers\dualpcam.sys --> c:\winnt\system32\drivers\dualpcam.sys [?]
S3 DVC;USB DVC Svc;c:\winnt\system32\drivers\DVC.sys [2007-11-7 38401]
S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-27 136176]
S3 KLIF;KLIF;c:\winnt\system32\drivers\klif.sys [2008-1-17 194320]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\winnt\system32\drivers\ManyCam.sys [2008-1-14 21632]
S3 NPF;WinPcap Packet Driver (NPF);c:\winnt\system32\drivers\npf.sys [2009-6-11 34064]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 12872]
S3 SDTHOOK;SDTHOOK;c:\winnt\system32\drivers\SDTHOOK.SYS [2008-2-5 44928]
S3 SDVC05;USB SDVC05;c:\winnt\system32\drivers\SDVC05.sys [2008-11-16 18088]
S3 Wdm1;USB Bridge Cable Driver;c:\winnt\system32\drivers\usbbc.sys [2004-1-16 15576]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\winnt\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2067-02-24 19:21:18 79947 -c--a-w- c:\winnt\fw20.vxd
2011-01-06 22:19:17 330360 ----a-w- c:\winnt\system32\drivers\nav\1205000.07d\symtdiv.sys
2011-01-06 22:19:16 652336 ----a-w- c:\winnt\system32\drivers\nav\1205000.07d\symefa.sys
2011-01-06 22:19:16 50168 ----a-w- c:\winnt\system32\drivers\nav\1205000.07d\srtspx.sys
2011-01-06 22:19:16 368248 ----a-w- c:\winnt\system32\drivers\nav\1205000.07d\symtdi.sys
2011-01-06 22:19:16 340016 ----a-w- c:\winnt\system32\drivers\nav\1205000.07d\symds.sys
2011-01-06 22:19:16 295032 ----a-w- c:\winnt\system32\drivers\nav\1205000.07d\symnets.sys
2011-01-06 22:19:15 509560 ----a-w- c:\winnt\system32\drivers\nav\1205000.07d\srtsp.sys
2011-01-06 22:19:15 136312 ----a-w- c:\winnt\system32\drivers\nav\1205000.07d\ironx86.sys
2011-01-06 22:18:49 -------- d-----w- c:\winnt\system32\drivers\nav\1205000.07D
2011-01-06 18:03:51 388096 ----a-r- c:\docume~1\owner\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-01-06 08:54:38 -------- dc----w- c:\docume~1\alluse~1\applic~1\CA
2011-01-02 05:31:10 -------- d-----w- c:\docume~1\owner\applic~1\Local
2011-01-02 05:26:07 -------- d-----w- c:\program files\common files\DivX Shared
2011-01-02 05:24:00 -------- dc----w- c:\docume~1\alluse~1\applic~1\DivX
2010-12-22 21:07:44 69976 ----a-w- c:\winnt\system32\drivers\sbapifs.sys
2010-12-22 21:07:43 21464 ----a-w- c:\winnt\system32\drivers\sbaphd.sys
2010-12-22 20:48:45 -------- dc----w- c:\docume~1\alluse~1\applic~1\PCPitstopDat
2010-12-21 05:59:49 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
2010-12-20 00:58:09 -------- d-----w- c:\program files\ZAR
2010-12-18 02:02:02 -------- dc----w- c:\docume~1\alluse~1\applic~1\Free Ride Games
2010-12-18 02:00:34 -------- d-----w- c:\docume~1\owner\applic~1\FCSB000062035
2010-12-18 02:00:05 -------- d-----w- c:\program files\Shop to Win 2
2010-12-14 02:04:40 60808 ----a-w- c:\winnt\system32\S32EVNT1.DLL
2010-12-14 02:04:40 126512 ----a-w- c:\winnt\system32\drivers\SYMEVENT.SYS
2010-12-14 02:04:28 369072 ----a-r- c:\winnt\system32\drivers\nav\1201000.025\symtdi.sys
2010-12-14 02:04:28 331312 ----a-r- c:\winnt\system32\drivers\nav\1201000.025\symtdiv.sys
2010-12-14 02:04:28 294448 ----a-r- c:\winnt\system32\drivers\nav\1201000.025\symnets.sys
2010-12-14 02:04:27 666672 ----a-r- c:\winnt\system32\drivers\nav\1201000.025\SymEFA.sys
2010-12-14 02:04:27 50096 ----a-r- c:\winnt\system32\drivers\nav\1201000.025\srtspx.sys
2010-12-14 02:04:27 489008 ----a-r- c:\winnt\system32\drivers\nav\1201000.025\srtsp.sys
2010-12-14 02:04:27 339504 ----a-r- c:\winnt\system32\drivers\nav\1201000.025\SymDS.sys
2010-12-14 02:04:27 134704 ----a-r- c:\winnt\system32\drivers\nav\1201000.025\Ironx86.sys
2010-12-14 02:04:11 -------- d-----w- c:\program files\Norton AntiVirus
2010-12-14 02:03:52 -------- d-----w- c:\program files\NortonInstaller
2010-12-14 01:20:00 -------- d-----w- c:\docume~1\owner\applic~1\Tific

==================== Find3M ====================

2011-01-06 06:47:13 237568 -c--a-w- c:\winnt\system32\rmc_rtspdl.dll
2011-01-06 06:47:13 156672 -c--a-w- c:\winnt\system32\rmc_fixasf.exe
2010-12-03 09:05:33 15880 -c--a-w- c:\winnt\system32\lsdelete.exe
2010-11-18 18:12:44 81920 -c--a-w- c:\winnt\system32\isign32.dll
2010-11-16 19:51:10 2368 -c--a-w- c:\winnt\system32\SVKP.sys
2010-11-16 19:08:42 348160 -c--a-w- c:\winnt\system32\msvcr71.dll
2010-11-12 00:44:54 94208 ----a-w- c:\winnt\system32\dpl100.dll
2010-11-08 22:57:04 353592 ----a-w- c:\winnt\system32\DivXControlPanelApplet.cpl
2010-11-06 00:26:58 916480 ----a-w- c:\winnt\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\winnt\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\winnt\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\winnt\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\winnt\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\winnt\system32\win32k.sys
2008-12-28 00:03:47 2516480 -c--a-w- c:\program files\Driver Detective.msi
2006-02-16 20:17:21 774144 -c--a-w- c:\program files\RngInterstitial.dll
2003-08-27 19:19:18 36963 -c--a-r- c:\program files\common files\SM1updtr.dll

============= FINISH: 17:59:44.95 ===============

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-06 17:48:19
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BB-53DKA0 rev.77.07W77
Running: sxdksnfy.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pxtdipow.sys


---- System - GMER 1.0.15 ----

SSDT 8A6B26B0 ZwAlertResumeThread
SSDT 8A6B28E0 ZwAlertThread
SSDT 8A70F448 ZwAllocateVirtualMemory
SSDT 8A7A45E0 ZwAssignProcessToJobObject
SSDT 8B2CBBD0 ZwConnectPort
SSDT \??\C:\WINNT\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB9F52720]
SSDT 8A6B2400 ZwCreateMutant
SSDT 8A70D3F8 ZwCreateSymbolicLinkObject
SSDT 8AE2FA30 ZwCreateThread
SSDT 8A7A46C0 ZwDebugActiveProcess
SSDT \??\C:\WINNT\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB9F529A0]
SSDT \??\C:\WINNT\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB9F52F00]
SSDT 8ADD63B8 ZwDuplicateObject
SSDT 8A712E70 ZwFreeVirtualMemory
SSDT 8A6B24F0 ZwImpersonateAnonymousToken
SSDT 8A6B25D0 ZwImpersonateThread
SSDT 8B034050 ZwLoadDriver
SSDT 8A714E60 ZwMapViewOfSection
SSDT 8A7A4DF8 ZwOpenEvent
SSDT 8A8083F0 ZwOpenProcess
SSDT 8ADED620 ZwOpenProcessToken
SSDT 8A7A4C38 ZwOpenSection
SSDT 8ADF2458 ZwOpenThread
SSDT 8A7A44F0 ZwProtectVirtualMemory
SSDT 8A6B29C0 ZwResumeThread
SSDT 8A8054D8 ZwSetContextThread
SSDT 8ADE0AA8 ZwSetInformationProcess
SSDT 8A7A4AF0 ZwSetSystemInformation
SSDT \??\C:\WINNT\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB9F53150]
SSDT 8A7A4D18 ZwSuspendProcess
SSDT 8A6B2AA0 ZwSuspendThread
SSDT 8ADD6BF0 ZwTerminateProcess
SSDT 8A805418 ZwTerminateThread
SSDT \??\C:\WINNT\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xB83966D0]
SSDT 8ADED5E8 ZwUnmapViewOfSection
SSDT 8A808A58 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 4A2 804E4CFC 4 Bytes CALL D2D92BD6
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
? C:\WINNT\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\real\realplayer\update\realsched.exe[3992] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\[email protected]û\x90|qû\x90|
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4D280916-EAE9-FA8C-B8E3-C011C62838C2}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B4E899FF-3D6E-F195-C6D5-66D90DF5AB96}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B4E899FF-3D6E-F195-C6D5-66D90DF5AB96}@oaigpfieajfolgnclolneohnnacpek 0x6B 0x61 0x65 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B4E899FF-3D6E-F195-C6D5-66D90DF5AB96}@naohlbdobmgajaobpockiagbeeck 0x6A 0x61 0x64 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B4E899FF-3D6E-F195-C6D5-66D90DF5AB96}@abejjngkfonfokcdjgagkajdkkhonfcgic 0x61 0x61 0x00 0x02
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B4E899FF-3D6E-F195-C6D5-66D90DF5AB96}@mafhooieembfmpdalbbbgmjhio 0x61 0x61 0x00 0x02
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\America Online - [email protected]
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\America Online - [email protected]@MessageCount 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\America Online - [email protected]@TimeStamp 0x6E 0x79 0xB3 0xEE ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\America Online - [email protected]@Application "C:\Program Files\America Online 9.0\waol.exe" -nshalamar9 -u"aol://1722:mailbox"
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@MessageCount 24
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@TimeStamp 0x10 0x1E 0x13 0x4C ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@Application http://www.hotmail.com/
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@MessageCount 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@TimeStamp 0x16 0xB4 0x2C 0xD5 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@Application msimn
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@MessageCount 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@TimeStamp 0xA6 0xB9 0xDB 0x0D ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@Application msimn
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@MessageCount 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@TimeStamp 0x5C 0xF0 0x05 0x52 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@Application msimn
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@MessageCount 1
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@TimeStamp 0x18 0xD5 0xBA 0x93 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@Application http://www.hotmail.com/
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@MessageCount 19
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@TimeStamp 0x58 0x55 0x3F 0xAF ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@Application msimn
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@MessageCount 0
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@TimeStamp 0xDE 0x1F 0x29 0xF3 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@Application msimn

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 03: copy of MBR

---- EOF - GMER 1.0.15 ----

Thank you !
JOY~
 

joymor (Thread Starter):
Just wanted to add that now Mozilla Firefox is crashing too.
PLEASE HELP!
 

joymor (Thread Starter):
bumping... Sure hope someone can help... things getting worse every day... Firefox crashing, programs crashing, SLOW on everything!
 