
Possible remnants of tro.gen, browser redirects, slow when using IE, crashes etc

Discussion in 'Virus & Other Malware Removal' started by joymor, Jan 6, 2011.

    joymor (Thread Starter)
    Joined: Jan 6, 2011
    Messages: 4
    Ad-Aware identified tro.gen and quarantined it a few days ago. Programs are crashing sporadically, Internet Explorer redirects and is very slow, and there are pop-ups galore.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 01:04:55 , on 2011-01-06
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\system32\netdde.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\PCPitstop\PC MaticRT\PCPitstopRTService.exe
    C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
    C:\WINNT\System32\svchost.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINNT\System32\vssvc.exe
    C:\WINNT\system32\wbem\wmiapsrv.exe
    C:\WINNT\System32\dmadmin.exe
    C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\USB Disk Win98 Driver\Res.EXE
    C:\Program Files\real\realplayer\update\realsched.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\PCPitstop\PC MaticRT\PCMaticRT.exe
    C:\WINNT\system32\msiexec.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.singsnap.com/snap/account/entrance
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\IPSBHO.DLL
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: (no name) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - (no file)
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Bsecure Popup Blocker - {E0019445-4C1F-414D-A70E-AD80F231C584} - C:\WINNT\system32\InetCntrl\PopupKil\BsafeBHO.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
    O4 - HKLM\..\Run: [HostManager] ;
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\real\realplayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Clear Fields - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: Identities Editor - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html
    O8 - Extra context menu item: Logoff - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html
    O8 - Extra context menu item: Passcards Editor - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html
    O8 - Extra context menu item: Reset Fields - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html
    O8 - Extra context menu item: RoboForm Options - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
    O8 - Extra context menu item: RoboForm TaskBar Icon - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Save Page As PDF ... - file://C:\Program Files\Nitro PDF\PDF Download\nitroweb.htm
    O8 - Extra context menu item: Set Fields - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
    O9 - Extra 'Tools' menuitem: RoboForm Options - {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html
    O9 - Extra button: Customize - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O9 - Extra 'Tools' menuitem: Customize Menu - {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O9 - Extra button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
    O9 - Extra 'Tools' menuitem: RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
    O10 - Unknown file in Winsock LSP: c:\winnt\system32\nwprovau.dll
    O15 - Trusted Zone: http://*.download.microsoft.com
    O15 - Trusted Zone: *.windowsupdate.microsoft.com%20http
    O15 - Trusted Zone: http://*.update.microsoft.com
    O15 - Trusted Zone: *.windowsupdate.com
    O15 - Trusted Zone: http://*.windowsupdate.microsoft.com
    O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
    O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - http://www.worldwinner.com/games/v50/tpir/tpir.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - http://www.worldwinner.com/games/v48/brickout/brickout.cab
    O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinner.com/games/v50/pool/pool.cab
    O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} (SolitaireRush Control) - http://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} - http://www.worldwinner.com/games/v52/wwhearts/wwhearts.cab
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - http://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    O16 - DPF: {61900274-3323-4446-BDCD-91548D32AF1B} - http://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
    O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - http://www.worldwinner.com/games/v50/jeopardy/jeopardy.cab
    O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} (PCPitstop AntiVirus) - http://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} - http://www.worldwinner.com/games/v57/cubis/cubis.cab
    O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
    O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - http://www.worldwinner.com/games/v67/swapit/swapit.cab
    O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://a248.e.akamai.net/f/248/5462...img/operations/symbizpr/xcontrol/SymDlBrg.cab
    O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - http://www.worldwinner.com/games/v41/hangman/hangman.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - http://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
    O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinner.com/games/v43/paint/paint.cab
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.13.0.cab
    O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://imikimi.com/download/imikimi_plugin_0.5.1.cab
    O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} (BoardCtl Class) - http://www.intel.com/design/motherbd/boardid/BoardID.cab
    O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} (CAScanner Control) - http://cainternetsecurity.net/scanner/cascanner.cab
    O16 - DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} (DGTx.uc1) - http://ev1-0.driverguide.net/DGTx.CAB
    O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: PCPitstop Realtime - PC Pitstop LLC - C:\Program Files\PCPitstop\PC MaticRT\PCPitstopRTService.exe
    O23 - Service: PCPitstop Scheduling - PC Pitstop LLC - C:\Program Files\PCPitstop\PCPitstopScheduleService.exe

    --
    End of file - 16222 bytes


    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Owner at 17:57:58.82 on 2011-01-06
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3055.1983 [GMT -5:00]

    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

    ============== Running Processes ===============

    C:\WINNT\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINNT\System32\svchost.exe -k netsvcs
    C:\WINNT\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\WINNT\System32\svchost.exe -k eapsvcs
    svchost.exe
    C:\WINNT\System32\svchost.exe -k dot3svc
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINNT\system32\spoolsv.exe
    svchost.exe
    C:\WINNT\system32\netdde.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINNT\system32\svchost.exe -k hpdevmgmt
    C:\WINNT\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
    C:\WINNT\System32\svchost.exe -k HPZ12
    C:\Program Files\PCPitstop\PC MaticRT\PCPitstopRTService.exe
    C:\Program Files\PCPitstop\PCPitstopScheduleService.exe
    C:\WINNT\System32\svchost.exe -k HPZ12
    C:\WINNT\system32\svchost.exe -k imgsvc
    C:\Program Files\UPHClean\uphclean.exe
    C:\WINNT\system32\wbem\wmiapsrv.exe
    C:\WINNT\System32\dmadmin.exe
    C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\USB Disk Win98 Driver\Res.EXE
    C:\Program Files\real\realplayer\update\realsched.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\PCPitstop\PC MaticRT\PCMaticRT.exe
    C:\WINNT\system32\dllhost.exe
    C:\WINNT\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.singsnap.com/snap/account/entrance
    uSearch Page =
    uSearch Bar =
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.1.0.37\IPSBHO.DLL
    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - No File
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Bsecure Popup Blocker: {e0019445-4c1f-414d-a70e-ad80f231c584} - c:\winnt\system32\inetcntrl\popupkil\BsafeBHO.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - No File
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    TB: {D593DE91-7B41-45C2-830E-E9A99AB142AA} - No File
    TB: {4E7BD74F-2B8D-469E-DDF9-F165B897FA7D} - No File
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: {34EA1C70-42CC-42C5-AA29-EC58B95A343E} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    EB: {0483894e-2422-45e0-8384-021aff1af3cd} - iOpus iMacros
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
    uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
    uRun: [AppVodBurner]
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [USB Storage Toolbox] c:\program files\usb disk win98 driver\Res.EXE
    mRun: [HostManager] ;
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
    dRun: [ctfmon.exe] c:\winnt\system32\ctfmon.exe
    uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
    uPolicies-explorer: NoViewOnDrive = 0 (0x0)
    mPolicies-system: HideShutdownScripts = 0 (0x0)
    IE: &Search
    IE: Clear Fields - file://c:\program files\siber systems\ai roboform\RoboFormComClearFields.html
    IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: Identities Editor - file://c:\program files\siber systems\ai roboform\RoboFormComEditIdent.html
    IE: Logoff - file://c:\program files\siber systems\ai roboform\RoboFormComLogoff.html
    IE: Passcards Editor - file://c:\program files\siber systems\ai roboform\RoboFormComEditPass.html
    IE: Reset Fields - file://c:\program files\siber systems\ai roboform\RoboFormComResetFields.html
    IE: RoboForm Options - file://c:\program files\siber systems\ai roboform\RoboFormComOptions.html
    IE: RoboForm TaskBar Icon - file://c:\program files\siber systems\ai roboform\RoboFormComTaskBarIcon.html
    IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: Save Page As PDF ... - file://c:\program files\nitro pdf\pdf download\nitroweb.htm
    IE: Set Fields - file://c:\program files\siber systems\ai roboform\RoboFormComSetFields.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F4C} - c:\program files\siber systems\ai roboform\RoboFormComOptions.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F4E} - c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F51} - c:\program files\siber systems\ai roboform\RoboFormComTaskBarIcon.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    Trusted Zone: download.microsoft.com
    Trusted Zone: ebay.com\cm
    Trusted Zone: hotbot.com\www
    Trusted Zone: microsoft.com\*.download
    Trusted Zone: microsoft.com\update
    Trusted Zone: microsoft.com\windowsupdate
    Trusted Zone: microsoft.com%20http\*.windowsupdate
    Trusted Zone: ml.com\www19.benefits
    Trusted Zone: ml.com\www26.benefits
    Trusted Zone: net2phone.com\myaccount.nct
    Trusted Zone: paypal.com\www
    Trusted Zone: singsnap.com\www
    Trusted Zone: smarttechniques.com\www
    Trusted Zone: techniques.com\smart
    Trusted Zone: tombola.com\us
    Trusted Zone: update.microsoft.com
    Trusted Zone: webkinz.com\www
    Trusted Zone: windowsupdate.com
    Trusted Zone: windowsupdate.microsoft.com
    Trusted Zone: zzn.com\www.ebayqueen
    DPF: Microsoft XML Parser for Java - file:///C:/WINNT/Java/classes/xmldso.cab
    DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
    DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
    DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - hxxp://www.worldwinner.com/games/v50/pool/pool.cab
    DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
    DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} - hxxp://www.worldwinner.com/games/v47/solitairerush/solitairerush.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} - hxxp://www.worldwinner.com/games/v52/wwhearts/wwhearts.cab
    DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: {61900274-3323-4446-BDCD-91548D32AF1B} - hxxp://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
    DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - hxxp://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v50/jeopardy/jeopardy.cab
    DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Exterminate2/pcpitstopAntiVirus.dll
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {97438FE9-D361-4279-BA82-98CC0877A717} - hxxp://www.worldwinner.com/games/v57/cubis/cubis.cab
    DPF: {A4110378-789B-455F-AE86-3A1BFC402853} - hxxp://zone.msn.com/bingame/zpagames/zpa_shvl.cab55579.cab
    DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} - hxxp://www.worldwinner.com/games/v67/swapit/swapit.cab
    DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - hxxp://a248.e.akamai.net/f/248/5462/2h/www.symantecstore.com/v2.0-img/operations/symbizpr/xcontrol/SymDlBrg.cab
    DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - hxxp://www.worldwinner.com/games/v41/hangman/hangman.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
    DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - hxxp://www.worldwinner.com/games/v43/paint/paint.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.3.13.0.cab
    DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - hxxp://imikimi.com/download/imikimi_plugin_0.5.1.cab
    DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - hxxp://www.intel.com/design/motherbd/boardid/BoardID.cab
    DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
    DPF: {F09BFD07-20B5-46D8-A6D5-BE4EF22F1F4D} - hxxp://ev1-0.driverguide.net/DGTx.CAB
    DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winnt\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, dblstssp.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\dxrit3te.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.singsnap.com/snap/account/entrance
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
    FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
    FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\ksolo\npAVX.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
    FF - plugin: c:\program files\turntool\viewer\nptnt.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winnt\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox
    FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: Norton IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\IPSFFPlgn
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\siber systems\ai roboform\Firefox

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\winnt\system32\drivers\Lbd.sys [2009-6-27 64288]
    R0 SymDS;Symantec Data Store;c:\winnt\system32\drivers\nav\1205000.07d\symds.sys [2011-1-6 340016]
    R0 SymEFA;Symantec Extended File Attributes;c:\winnt\system32\drivers\nav\1205000.07d\symefa.sys [2011-1-6 652336]
    R0 tffsport;M-Systems DiskOnChip 2000;c:\winnt\system32\drivers\tffsport.sys [2008-11-21 149376]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-12-13 691248]
    R1 bsofrwl;bsofrwl;c:\winnt\system32\drivers\bsofrwl.sys [2007-12-8 23343]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2006-10-10 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 67656]
    R1 sbaphd;sbaphd;c:\winnt\system32\drivers\sbaphd.sys [2010-12-22 21464]
    R1 SymIRON;Symantec Iron Driver;c:\winnt\system32\drivers\nav\1205000.07d\ironx86.sys [2011-1-6 136312]
    R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 1389400]
    R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.5.0.125\ccsvchst.exe [2011-1-6 130000]
    R2 PCPitstop Realtime;PCPitstop Realtime;c:\program files\pcpitstop\pc maticrt\PCPitstopRTService.exe [2010-12-22 228352]
    R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2010-12-4 90864]
    R2 sbapifs;sbapifs;c:\winnt\system32\drivers\sbapifs.sys [2010-12-22 69976]
    R2 SVKP;SVKP;c:\winnt\system32\SVKP.sys [2010-11-16 2368]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-12-16 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20110104.001\IDSXpx86.sys [2011-1-5 341944]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15264]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20110106.003\NAVENG.SYS [2011-1-6 86008]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20110106.003\NAVEX15.SYS [2011-1-6 1360760]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\winnt\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
    S3 DMUSBUSBDCam;Dual Mode USB Camera;c:\winnt\system32\drivers\dualpcam.sys --> c:\winnt\system32\drivers\dualpcam.sys [?]
    S3 DVC;USB DVC Svc;c:\winnt\system32\drivers\DVC.sys [2007-11-7 38401]
    S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-27 136176]
    S3 KLIF;KLIF;c:\winnt\system32\drivers\klif.sys [2008-1-17 194320]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\winnt\system32\drivers\ManyCam.sys [2008-1-14 21632]
    S3 NPF;WinPcap Packet Driver (NPF);c:\winnt\system32\drivers\npf.sys [2009-6-11 34064]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 12872]
    S3 SDTHOOK;SDTHOOK;c:\winnt\system32\drivers\SDTHOOK.SYS [2008-2-5 44928]
    S3 SDVC05;USB SDVC05;c:\winnt\system32\drivers\SDVC05.sys [2008-11-16 18088]
    S3 Wdm1;USB Bridge Cable Driver;c:\winnt\system32\drivers\usbbc.sys [2004-1-16 15576]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\winnt\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2067-02-24 19:21:18 79947 -c--a-w- c:\winnt\fw20.vxd
    2011-01-06 22:19:17 330360 ----a-w- c:\winnt\system32\drivers\nav\1205000.07d\symtdiv.sys
    2011-01-06 22:19:16 652336 ----a-w- c:\winnt\system32\drivers\nav\1205000.07d\symefa.sys
    2011-01-06 22:19:16 50168 ----a-w- c:\winnt\system32\drivers\nav\1205000.07d\srtspx.sys
    2011-01-06 22:19:16 368248 ----a-w- c:\winnt\system32\drivers\nav\1205000.07d\symtdi.sys
    2011-01-06 22:19:16 340016 ----a-w- c:\winnt\system32\drivers\nav\1205000.07d\symds.sys
    2011-01-06 22:19:16 295032 ----a-w- c:\winnt\system32\drivers\nav\1205000.07d\symnets.sys
    2011-01-06 22:19:15 509560 ----a-w- c:\winnt\system32\drivers\nav\1205000.07d\srtsp.sys
    2011-01-06 22:19:15 136312 ----a-w- c:\winnt\system32\drivers\nav\1205000.07d\ironx86.sys
    2011-01-06 22:18:49 -------- d-----w- c:\winnt\system32\drivers\nav\1205000.07D
    2011-01-06 18:03:51 388096 ----a-r- c:\docume~1\owner\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2011-01-06 08:54:38 -------- dc----w- c:\docume~1\alluse~1\applic~1\CA
    2011-01-02 05:31:10 -------- d-----w- c:\docume~1\owner\applic~1\Local
    2011-01-02 05:26:07 -------- d-----w- c:\program files\common files\DivX Shared
    2011-01-02 05:24:00 -------- dc----w- c:\docume~1\alluse~1\applic~1\DivX
    2010-12-22 21:07:44 69976 ----a-w- c:\winnt\system32\drivers\sbapifs.sys
    2010-12-22 21:07:43 21464 ----a-w- c:\winnt\system32\drivers\sbaphd.sys
    2010-12-22 20:48:45 -------- dc----w- c:\docume~1\alluse~1\applic~1\PCPitstopDat
    2010-12-21 05:59:49 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
    2010-12-20 00:58:09 -------- d-----w- c:\program files\ZAR
    2010-12-18 02:02:02 -------- dc----w- c:\docume~1\alluse~1\applic~1\Free Ride Games
    2010-12-18 02:00:34 -------- d-----w- c:\docume~1\owner\applic~1\FCSB000062035
    2010-12-18 02:00:05 -------- d-----w- c:\program files\Shop to Win 2
    2010-12-14 02:04:40 60808 ----a-w- c:\winnt\system32\S32EVNT1.DLL
    2010-12-14 02:04:40 126512 ----a-w- c:\winnt\system32\drivers\SYMEVENT.SYS
    2010-12-14 02:04:28 369072 ----a-r- c:\winnt\system32\drivers\nav\1201000.025\symtdi.sys
    2010-12-14 02:04:28 331312 ----a-r- c:\winnt\system32\drivers\nav\1201000.025\symtdiv.sys
    2010-12-14 02:04:28 294448 ----a-r- c:\winnt\system32\drivers\nav\1201000.025\symnets.sys
    2010-12-14 02:04:27 666672 ----a-r- c:\winnt\system32\drivers\nav\1201000.025\SymEFA.sys
    2010-12-14 02:04:27 50096 ----a-r- c:\winnt\system32\drivers\nav\1201000.025\srtspx.sys
    2010-12-14 02:04:27 489008 ----a-r- c:\winnt\system32\drivers\nav\1201000.025\srtsp.sys
    2010-12-14 02:04:27 339504 ----a-r- c:\winnt\system32\drivers\nav\1201000.025\SymDS.sys
    2010-12-14 02:04:27 134704 ----a-r- c:\winnt\system32\drivers\nav\1201000.025\Ironx86.sys
    2010-12-14 02:04:11 -------- d-----w- c:\program files\Norton AntiVirus
    2010-12-14 02:03:52 -------- d-----w- c:\program files\NortonInstaller
    2010-12-14 01:20:00 -------- d-----w- c:\docume~1\owner\applic~1\Tific

    ==================== Find3M ====================

    2011-01-06 06:47:13 237568 -c--a-w- c:\winnt\system32\rmc_rtspdl.dll
    2011-01-06 06:47:13 156672 -c--a-w- c:\winnt\system32\rmc_fixasf.exe
    2010-12-03 09:05:33 15880 -c--a-w- c:\winnt\system32\lsdelete.exe
    2010-11-18 18:12:44 81920 -c--a-w- c:\winnt\system32\isign32.dll
    2010-11-16 19:51:10 2368 -c--a-w- c:\winnt\system32\SVKP.sys
    2010-11-16 19:08:42 348160 -c--a-w- c:\winnt\system32\msvcr71.dll
    2010-11-12 00:44:54 94208 ----a-w- c:\winnt\system32\dpl100.dll
    2010-11-08 22:57:04 353592 ----a-w- c:\winnt\system32\DivXControlPanelApplet.cpl
    2010-11-06 00:26:58 916480 ----a-w- c:\winnt\system32\wininet.dll
    2010-11-06 00:26:58 43520 ----a-w- c:\winnt\system32\licmgr10.dll
    2010-11-06 00:26:58 1469440 ------w- c:\winnt\system32\inetcpl.cpl
    2010-11-03 12:25:54 385024 ----a-w- c:\winnt\system32\html.iec
    2010-10-28 13:13:22 290048 ----a-w- c:\winnt\system32\atmfd.dll
    2010-10-26 13:25:00 1853312 ----a-w- c:\winnt\system32\win32k.sys
    2008-12-28 00:03:47 2516480 -c--a-w- c:\program files\Driver Detective.msi
    2006-02-16 20:17:21 774144 -c--a-w- c:\program files\RngInterstitial.dll
    2003-08-27 19:19:18 36963 -c--a-r- c:\program files\common files\SM1updtr.dll

    ============= FINISH: 17:59:44.95 ===============

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-06 17:48:19
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BB-53DKA0 rev.77.07W77
    Running: sxdksnfy.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pxtdipow.sys


    ---- System - GMER 1.0.15 ----

    SSDT 8A6B26B0 ZwAlertResumeThread
    SSDT 8A6B28E0 ZwAlertThread
    SSDT 8A70F448 ZwAllocateVirtualMemory
    SSDT 8A7A45E0 ZwAssignProcessToJobObject
    SSDT 8B2CBBD0 ZwConnectPort
    SSDT \??\C:\WINNT\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB9F52720]
    SSDT 8A6B2400 ZwCreateMutant
    SSDT 8A70D3F8 ZwCreateSymbolicLinkObject
    SSDT 8AE2FA30 ZwCreateThread
    SSDT 8A7A46C0 ZwDebugActiveProcess
    SSDT \??\C:\WINNT\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB9F529A0]
    SSDT \??\C:\WINNT\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB9F52F00]
    SSDT 8ADD63B8 ZwDuplicateObject
    SSDT 8A712E70 ZwFreeVirtualMemory
    SSDT 8A6B24F0 ZwImpersonateAnonymousToken
    SSDT 8A6B25D0 ZwImpersonateThread
    SSDT 8B034050 ZwLoadDriver
    SSDT 8A714E60 ZwMapViewOfSection
    SSDT 8A7A4DF8 ZwOpenEvent
    SSDT 8A8083F0 ZwOpenProcess
    SSDT 8ADED620 ZwOpenProcessToken
    SSDT 8A7A4C38 ZwOpenSection
    SSDT 8ADF2458 ZwOpenThread
    SSDT 8A7A44F0 ZwProtectVirtualMemory
    SSDT 8A6B29C0 ZwResumeThread
    SSDT 8A8054D8 ZwSetContextThread
    SSDT 8ADE0AA8 ZwSetInformationProcess
    SSDT 8A7A4AF0 ZwSetSystemInformation
    SSDT \??\C:\WINNT\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB9F53150]
    SSDT 8A7A4D18 ZwSuspendProcess
    SSDT 8A6B2AA0 ZwSuspendThread
    SSDT 8ADD6BF0 ZwTerminateProcess
    SSDT 8A805418 ZwTerminateThread
    SSDT \??\C:\WINNT\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xB83966D0]
    SSDT 8ADED5E8 ZwUnmapViewOfSection
    SSDT 8A808A58 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwYieldExecution + 4A2 804E4CFC 4 Bytes CALL D2D92BD6
    ? SYMDS.SYS The system cannot find the file specified. !
    ? SYMEFA.SYS The system cannot find the file specified. !
    ? C:\WINNT\system32\Drivers\uphcleanhlp.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\real\realplayer\update\realsched.exe[3992] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 15
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] yes
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 90
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected] 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\[email protected]_DLLs
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\[email protected]û\x90|qû\x90|
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4D280916-EAE9-FA8C-B8E3-C011C62838C2}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B4E899FF-3D6E-F195-C6D5-66D90DF5AB96}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B4E899FF-3D6E-F195-C6D5-66D90DF5AB96}@oaigpfieajfolgnclolneohnnacpek 0x6B 0x61 0x65 0x70 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B4E899FF-3D6E-F195-C6D5-66D90DF5AB96}@naohlbdobmgajaobpockiagbeeck 0x6A 0x61 0x64 0x70 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B4E899FF-3D6E-F195-C6D5-66D90DF5AB96}@abejjngkfonfokcdjgagkajdkkhonfcgic 0x61 0x61 0x00 0x02
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B4E899FF-3D6E-F195-C6D5-66D90DF5AB96}@mafhooieembfmpdalbbbgmjhio 0x61 0x61 0x00 0x02
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\America Online - [email protected]
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\America Online - [email protected]@MessageCount 0
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\America Online - [email protected]@TimeStamp 0x6E 0x79 0xB3 0xEE ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\America Online - [email protected]@Application "C:\Program Files\America Online 9.0\waol.exe" -nshalamar9 -u"aol://1722:mailbox"
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@MessageCount 24
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@TimeStamp 0x10 0x1E 0x13 0x4C ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@Application http://www.hotmail.com/
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@MessageCount 1
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@TimeStamp 0x16 0xB4 0x2C 0xD5 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@Application msimn
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected][email protected] 0
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@TimeStamp 0xA6 0xB9 0xDB 0x0D ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@Application msimn
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@MessageCount 0
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@TimeStamp 0x5C 0xF0 0x05 0x52 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@Application msimn
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@MessageCount 1
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@TimeStamp 0x18 0xD5 0xBA 0x93 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@Application http://www.hotmail.com/
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@MessageCount 19
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@TimeStamp 0x58 0x55 0x3F 0xAF ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@Application msimn
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@MessageCount 0
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@TimeStamp 0xDE 0x1F 0x29 0xF3 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]@Application msimn

    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 03: copy of MBR

    ---- EOF - GMER 1.0.15 ----

    Thank you !
    JOY~
     

    Attached Files:
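An added example for readers working through logs like the one above (this is not code from the original post, nor part of the DDS or GMER tools): a small Python triage script that parses two of the sections posted, the DDS "Created Last 30" listing and the GMER "System" (SSDT) table. The sample lines embedded in it are copied from the log in the thread; the scan date is taken from the GMER header; the decision about what to flag (an entry dated after the scan, an SSDT hook GMER could not attribute to a loaded module, or one whose module has no vendor string) is this example's own triage rule and an assumption, not a verdict either tool produces.

```python
"""Triage helpers for two sections of the log posted above: the DDS
"Created Last 30" file listing and the GMER "System" (SSDT) table.

Added example: not code from the original post, and not part of the DDS
or GMER tools. Sample lines are copied from the log in the thread; the
scan date is taken from the GMER header ("Rootkit scan 2011-01-06");
which entries get flagged is this example's own triage rule (an
assumption), not a verdict produced by either tool.
"""
import re
from datetime import date, datetime
from typing import Dict, List, Optional, Tuple

# Date of the scan, from the GMER header in the post.
SCAN_DATE = date(2011, 1, 6)

# "Created Last 30" lines copied from the DDS output above (raw string, so
# the backslashes are literal).
DDS_SAMPLE = r"""
2067-02-24 19:21:18 79947 -c--a-w- c:\winnt\fw20.vxd
2011-01-06 22:19:17 330360 ----a-w- c:\winnt\system32\drivers\nav\1205000.07d\symtdiv.sys
2011-01-06 22:18:49 -------- d-----w- c:\winnt\system32\drivers\nav\1205000.07D
2010-12-18 02:00:05 -------- d-----w- c:\program files\Shop to Win 2
"""

# Representative SSDT lines copied from the GMER "System" section above.
GMER_SAMPLE = r"""
SSDT 8A6B26B0 ZwAlertResumeThread
SSDT 8B034050 ZwLoadDriver
SSDT \??\C:\WINNT\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB9F52720]
SSDT \??\C:\WINNT\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB9F53150]
SSDT \??\C:\WINNT\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xB83966D0]
"""

# DDS layout: date, time, size (or dashes), 8-char attribute string, path.
DDS_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\S+) (\S{8}) (.+)$")

# GMER prints either a bare kernel address (hook target not inside any known
# image) or a module path, optional "(description/vendor)", function, address.
SSDT_BARE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(Zw\w+)$")
SSDT_MODULE = re.compile(
    r"^SSDT\s+(\S+?)(?:\s+\(([^()]*)\))?\s+(Zw\w+)\s+\[0x([0-9A-Fa-f]+)\]$"
)

Hook = Tuple[str, str, Optional[str]]  # (function, address, vendor string)


def triage_dds(lines: List[str], scan_date: date = SCAN_DATE) -> Dict[str, List[str]]:
    """Bucket "Created Last 30" entries.

    future   : created after the scan date. A file dated decades ahead is a
               clock problem or an altered timestamp; either way, look at it.
    files    : regular file entries; dirs: directory entries ('d' attribute).
    unparsed : lines that do not match the DDS layout (never silently dropped).
    """
    out: Dict[str, List[str]] = {"future": [], "files": [], "dirs": [], "unparsed": []}
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = DDS_LINE.match(line)
        if not m:
            out["unparsed"].append(line)
            continue
        day, _time, _size, attrs, path = m.groups()
        if datetime.strptime(day, "%Y-%m-%d").date() > scan_date:
            out["future"].append(path)
        out["dirs" if attrs.startswith("d") else "files"].append(path)
    return out


def triage_ssdt(lines: List[str]) -> Dict[str, List[Hook]]:
    """Group SSDT hooks by the module GMER attributed them to.

    Hooks GMER could not place inside a loaded image go under '<unattributed>'.
    """
    hooks: Dict[str, List[Hook]] = {}
    for raw in lines:
        line = raw.strip()
        m = SSDT_BARE.match(line)
        if m:
            addr, func = m.groups()
            hooks.setdefault("<unattributed>", []).append((func, addr.upper(), None))
            continue
        m = SSDT_MODULE.match(line)
        if m:
            path, vendor, func, addr = m.groups()
            module = path.rsplit("\\", 1)[-1]
            hooks.setdefault(module, []).append((func, addr.upper(), vendor))
    return hooks


def needs_review(hooks: Dict[str, List[Hook]]) -> List[Tuple[str, str, str]]:
    """Hooks to resolve by hand: no owning module, or a module with no vendor
    string (GMER prints none when it cannot read the file's version info)."""
    return [
        (module, func, addr)
        for module, entries in hooks.items()
        for func, addr, vendor in entries
        if module == "<unattributed>" or vendor is None
    ]


if __name__ == "__main__":
    dds = triage_dds(DDS_SAMPLE.splitlines())
    print("future-dated:", dds["future"])
    for module, func, addr in needs_review(triage_ssdt(GMER_SAMPLE.splitlines())):
        print(f"review: {module:<16} {func:<24} 0x{addr}")
```

To run it over a full saved log rather than the embedded samples, pass `open("gmer.log").read().splitlines()` to `triage_ssdt()` and the "Created Last 30" block of a DDS log to `triage_dds()`. The point of the grouping is that a hook whose owner GMER can name (here SYMEVENT.SYS, with a vendor string) can be checked against the security software known to be installed, while a bare address or a module with no vendor information has to be resolved by hand before anything is removed.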

  2. joymor

    joymor Thread Starter

    Joined:
    Jan 6, 2011
    Messages:
    4
    Been more than 48 hours so I am bumping, TY.
     
  3. joymor

    joymor Thread Starter

    Joined:
    Jan 6, 2011
    Messages:
    4
    Just wanted to add that now Mozilla Firefox is crashing too.
    PLEASE HELP!
     
  4. joymor

    joymor Thread Starter

    Joined:
    Jan 6, 2011
    Messages:
    4
    bumping... Sure hope someone can help... things getting worse every day... Firefox crashing, programs crashing, SLOW on everything!
     

Short URL to this thread: https://techguy.org/973059
