Thread: In Progress: PC Super SLOW

  1. #1 Junior Member (Join Date: Aug 2010, Posts: 7)

    In Progress: PC Super SLOW

    Thread was archived: http://forums.spybot.info/showthread.php?t=59138

    I did the ComboFix and here is a fresh DDS log. The computer is running a little smoother; Mozilla and folders are appearing sooner also:


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by HP_Administrator at 22:40:23.84 on Mon 09/06/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.389 [GMT -7:00]

    AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

    ============== Running Processes ===============

    C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\D-Link\DWA-552 revA\acs.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
    C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\HP_Administrator\My Documents\Downloads\dds(2).scr
    C:\WINDOWS\system32\SearchProtocolHost.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/?fr=fp-grpj
    uDefault_Search_URL = hxxp://www.google.com/ie
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2010\IEToolbar.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ehTray] "c:\windows\ehome\ehtray.exe"
    mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] "nwiz.exe" /install
    mRun: [Recguard] "c:\windows\sminst\RECGUARD.EXE"
    mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
    mRun: [WD Button Manager] "WDBtnMgr.exe"
    mRun: [KBD] "c:\hp\kbd\KBD.EXE"
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
    mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2010\IEShow.exe"
    mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2010\bdagent.exe"
    mRun: [RTHDCPL] "RTHDCPL.EXE"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
    StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\lifedr~1.lnk - c:\program files\palmone\LifeDriveMgrTray.exe
    StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\palmon~1.lnk - c:\program files\palmone\register.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\Hotsync.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\dwa-552 reva\wirelesscm.exe
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: att.net
    Trusted Zone: sbcglobal.net
    Trusted Zone: yahoo.com\clientapps
    DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} - c:\program files\yahoo!\common\yucconfig.dll
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1246509209562
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://games.myspace.com/Gameshell/GameHost/1.0/OberonGameHost.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\ch0hg985.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff2.dll
    FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff3.6.dll
    FF - component: c:\program files\bitdefender\bitdefender 2010\bdaphffext\components\bdaphff3.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
    R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [2009-8-12 95592]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240]
    R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2010-4-16 1201640]
    R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2010-2-3 153448]
    R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2009-6-23 57440]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2009-10-19 183880]
    S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\d-link\dwa-552 reva\jswpsapi.exe [2009-6-23 356433]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
    S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [2009-8-22 36928]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-9 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2010-09-07 05:03:50 0 d-sha-r- C:\cmdcons
    2010-09-07 04:13:27 98816 ----a-w- c:\windows\sed.exe
    2010-09-07 04:13:27 77312 ----a-w- c:\windows\MBR.exe
    2010-09-07 04:13:27 256512 ----a-w- c:\windows\PEV.exe
    2010-09-07 04:13:27 161792 ----a-w- c:\windows\SWREG.exe
    2010-09-01 21:23:05 53248 ----a-w- c:\windows\PalmDevC.dll
    2010-09-01 21:20:40 0 d-----w- c:\program files\palmOne
    2010-08-11 20:51:35 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-08-11 20:51:35 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
    2010-08-11 19:27:00 73728 ----a-w- c:\windows\system32\javacpl.cpl

    ==================== Find3M ====================

    2010-09-07 05:02:57 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2010-09-07 04:10:03 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
    2010-09-01 21:19:56 16694 ----a-w- c:\windows\system32\drivers\PalmUSBD.sys
    2010-08-01 17:13:14 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
    2010-07-17 12:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-03 02:48:41 84584 ----a-w- c:\windows\SOUNDMAN.EXE
    2010-07-03 02:48:41 1489512 ----a-w- c:\windows\RtlUpd.exe
    2010-07-03 02:48:38 9721960 ----a-w- c:\windows\RTLCPL.EXE
    2010-07-03 02:48:34 19552872 ----a-w- c:\windows\RTHDCPL.EXE
    2010-07-03 02:48:31 2180712 ----a-w- c:\windows\MicCal.exe
    2010-07-03 02:48:27 64104 ----a-w- c:\windows\ALCMTR.EXE
    2010-07-03 02:48:20 2815592 ----a-w- c:\windows\ALCWZRD.EXE
    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
    2010-06-25 00:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll
    2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 12:22:03 916480 ------w- c:\windows\system32\dllcache\wininet.dll
    2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2010-06-24 12:22:02 1210368 ------w- c:\windows\system32\dllcache\urlmon.dll
    2010-06-24 12:22:01 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll
    2010-06-24 12:22:01 5951488 ------w- c:\windows\system32\dllcache\mshtml.dll
    2010-06-24 12:22:01 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
    2010-06-24 12:21:59 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
    2010-06-24 12:21:59 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-06-24 12:21:59 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
    2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
    2010-06-24 12:21:58 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
    2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-06-24 12:21:55 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
    2010-06-23 12:08:09 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys
    2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2010-06-17 14:03:00 80384 ------w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
    2010-06-09 23:01:10 133616 ------w- c:\windows\system32\pxafs.dll
    2010-06-09 23:01:10 126448 ------w- c:\windows\system32\pxinsi64.exe
    2010-06-09 23:01:10 123888 ------w- c:\windows\system32\pxcpyi64.exe
    2009-09-16 21:43:13 22 --sha-w- c:\windows\sminst\HPCD.sys
    2009-06-25 20:40:35 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009062520090626\index.dat

    ============= FINISH: 22:41:26.82 ===============


    COMBOFIX BELOW:

    ComboFix 10-09-06.03 - HP_Administrator 09/06/2010 22:05:29.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.619 [GMT -7:00]
    Running from: c:\documents and settings\HP_Administrator\My Documents\Downloads\ComboFix.exe
    AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\HP_Administrator\GoToAssistDownloadHelper.exe
    c:\windows\system32\ps2.bat

    .
    ((((((((((((((((((((((((( Files Created from 2010-08-07 to 2010-09-07 )))))))))))))))))))))))))))))))
    .

    2010-09-01 21:23 . 2010-09-01 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\HotSync
    2010-09-01 21:23 . 2010-09-01 21:20 53248 ----a-w- c:\windows\PalmDevC.dll
    2010-09-01 21:21 . 2010-09-01 21:21 65536 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{45BA7145-64B0-4B5D-BDC2-40E20FCDC6DC}\palmOneFileTransfer_45BA714564B04B5DBDC240E20FCDC6DC.exe
    2010-09-01 21:21 . 2010-09-01 21:21 65536 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{45BA7145-64B0-4B5D-BDC2-40E20FCDC6DC}\PalmDesktopShortcut.exe
    2010-09-01 21:21 . 2010-09-01 21:21 65536 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{45BA7145-64B0-4B5D-BDC2-40E20FCDC6DC}\NewShortcut6.4DA64122_6F1D_4317_BC6A_2B3299881D1B.exe
    2010-09-01 21:21 . 2010-09-01 21:21 65536 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{45BA7145-64B0-4B5D-BDC2-40E20FCDC6DC}\NewShortcut5.4DA64122_6F1D_4317_BC6A_2B3299881D1B.exe
    2010-09-01 21:21 . 2010-09-01 21:21 65536 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{45BA7145-64B0-4B5D-BDC2-40E20FCDC6DC}\NewShortcut4_45BA714564B04B5DBDC240E20FCDC6DC.exe
    2010-09-01 21:21 . 2010-09-01 21:21 65536 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{45BA7145-64B0-4B5D-BDC2-40E20FCDC6DC}\NewShortcut4.4DA64122_6F1D_4317_BC6A_2B3299881D1B.exe
    2010-09-01 21:21 . 2010-09-01 21:21 65536 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{45BA7145-64B0-4B5D-BDC2-40E20FCDC6DC}\NewShortcut2.4DA64122_6F1D_4317_BC6A_2B3299881D1B.exe
    2010-09-01 21:21 . 2010-09-01 21:21 65536 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{45BA7145-64B0-4B5D-BDC2-40E20FCDC6DC}\NewShortcut1.4DA64122_6F1D_4317_BC6A_2B3299881D1B.exe
    2010-09-01 21:21 . 2010-09-01 21:21 65536 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{45BA7145-64B0-4B5D-BDC2-40E20FCDC6DC}\ARPPRODUCTICON.exe
    2010-09-01 21:21 . 2010-09-01 21:21 49152 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{45BA7145-64B0-4B5D-BDC2-40E20FCDC6DC}\NewShortcut3.4DA64122_6F1D_4317_BC6A_2B3299881D1B.exe
    2010-09-01 21:21 . 2010-09-01 21:21 49152 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{45BA7145-64B0-4B5D-BDC2-40E20FCDC6DC}\NewShortcut2_45BA714564B04B5DBDC240E20FCDC6DC.exe
    2010-09-01 21:20 . 2010-09-01 21:57 -------- d-----w- c:\program files\palmOne
    2010-09-01 21:20 . 2010-09-01 21:20 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\HotSync
    2010-08-29 03:05 . 2010-08-29 02:56 185640 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll
    2010-08-29 03:05 . 2010-08-29 03:05 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-08-29 03:04 . 2010-08-29 03:04 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
    2010-08-29 03:04 . 2010-08-29 03:04 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
    2010-08-29 03:04 . 2010-08-29 03:04 57691 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
    2010-08-29 03:03 . 2010-08-29 03:03 84063 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
    2010-08-29 03:03 . 2010-08-29 03:03 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
    2010-08-11 20:56 . 2010-08-11 20:57 -------- d-----w- c:\program files\ERUNT
    2010-08-11 20:51 . 2010-08-21 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-08-11 20:51 . 2010-08-11 20:54 -------- d-----w- c:\program files\Spybot - Search & Destroy

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-07 05:02 . 2009-12-29 01:14 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2010-09-07 04:10 . 2009-12-29 01:12 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
    2010-09-03 01:24 . 2010-07-16 13:38 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-09-01 23:19 . 2010-05-31 00:31 -------- d-----w- c:\program files\Uniblue
    2010-09-01 21:19 . 2004-06-09 20:37 16694 ----a-w- c:\windows\system32\drivers\PalmUSBD.sys
    2010-09-01 19:42 . 2009-06-24 00:26 -------- d-----w- c:\program files\Yahoo!
    2010-09-01 19:41 . 2009-09-03 04:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
    2010-08-29 03:12 . 2010-08-05 20:23 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
    2010-08-29 03:05 . 2010-08-05 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2010-08-29 03:05 . 2009-06-23 22:41 -------- d-----w- c:\program files\DivX
    2010-08-29 02:56 . 2010-08-05 19:26 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
    2010-08-29 02:55 . 2010-08-05 19:32 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
    2010-08-29 02:54 . 2010-08-05 19:32 850200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
    2010-08-11 20:11 . 2010-05-11 01:18 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-08-11 19:27 . 2006-02-23 01:03 -------- d-----w- c:\program files\Common Files\Java
    2010-08-11 19:23 . 2010-05-24 18:37 -------- d-----w- c:\program files\Viewpoint
    2010-08-05 19:32 . 2009-06-23 22:41 -------- d-----w- c:\program files\Common Files\DivX Shared
    2010-08-05 19:32 . 2009-06-23 22:57 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DivX
    2010-08-05 19:30 . 2010-08-05 19:30 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
    2010-08-05 19:30 . 2010-08-05 19:30 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
    2010-08-05 19:30 . 2010-08-05 19:30 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
    2010-08-05 19:30 . 2010-08-05 19:30 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
    2010-08-05 19:30 . 2010-08-05 19:30 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
    2010-08-05 19:30 . 2010-08-05 19:30 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
    2010-08-05 19:30 . 2010-08-05 19:30 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
    2010-08-05 19:30 . 2010-08-05 19:30 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
    2010-08-05 19:30 . 2010-08-05 19:30 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
    2010-08-05 19:30 . 2010-08-05 19:30 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
    2010-08-05 19:29 . 2010-08-05 19:29 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
    2010-08-05 19:28 . 2010-08-05 19:28 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
    2010-08-05 04:36 . 2010-08-05 04:36 503808 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6c830283-n\msvcp71.dll
    2010-08-05 04:36 . 2010-08-05 04:36 12800 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-23679d62-n\decora-d3d.dll
    2010-08-05 04:36 . 2010-08-05 04:36 499712 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6c830283-n\jmc.dll
    2010-08-05 04:36 . 2010-08-05 04:36 61440 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-23679d62-n\decora-sse.dll
    2010-08-05 04:36 . 2010-08-05 04:36 348160 ----a-w- c:\documents and settings\HP_Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6c830283-n\msvcr71.dll
    2010-08-05 04:34 . 2006-02-23 01:03 -------- d-----w- c:\program files\Java
    2010-08-01 17:16 . 2010-08-01 17:16 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
    2010-08-01 17:16 . 2010-08-01 17:16 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
    2010-08-01 17:16 . 2010-08-01 17:16 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
    2010-08-01 17:16 . 2010-08-01 17:16 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
    2010-08-01 17:16 . 2010-08-01 17:16 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
    2010-08-01 17:16 . 2010-08-01 17:16 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
    2010-08-01 17:16 . 2010-08-01 17:16 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    2010-08-01 17:16 . 2010-08-01 17:16 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    2010-08-01 17:16 . 2010-03-23 16:40 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    2010-08-01 17:16 . 2006-02-23 01:32 -------- d-----w- c:\program files\Common Files\Real
    2010-08-01 17:14 . 2009-07-06 22:15 -------- d-----w- c:\program files\Real
    2010-08-01 17:13 . 2006-07-12 01:35 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-07-26 04:09 . 2009-06-23 21:43 -------- d-----w- c:\program files\iTunes
    2010-07-26 04:04 . 2010-07-26 04:04 -------- d-----w- c:\program files\iPod
    2010-07-26 04:04 . 2009-06-23 21:38 -------- d-----w- c:\program files\Common Files\Apple
    2010-07-26 03:57 . 2010-07-26 03:57 -------- d-----w- c:\program files\Bonjour
    2010-07-26 03:54 . 2010-07-26 03:54 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
    2010-07-23 23:46 . 2010-05-21 02:19 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\U3
    2010-07-20 18:46 . 2010-05-16 14:47 -------- d-----w- c:\program files\Windows Desktop Search
    2010-07-20 18:31 . 2010-07-20 18:31 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Windows Desktop Search
    2010-07-17 12:00 . 2010-05-03 17:23 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-17 00:41 . 2009-09-12 06:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
    2010-07-17 00:38 . 2009-09-12 06:27 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Nero
    2010-07-03 02:48 . 2006-02-23 01:15 84584 ----a-w- c:\windows\SOUNDMAN.EXE
    2010-07-03 02:48 . 2006-02-23 01:15 1489512 ----a-w- c:\windows\RtlUpd.exe
    2010-07-03 02:48 . 2006-02-23 01:15 9721960 ----a-w- c:\windows\RTLCPL.EXE
    2010-07-03 02:48 . 2006-02-23 01:15 6056040 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
    2010-07-03 02:48 . 2006-02-23 01:15 19552872 ----a-w- c:\windows\RTHDCPL.EXE
    2010-07-03 02:48 . 2006-02-23 01:15 2180712 ----a-w- c:\windows\MicCal.exe
    2010-07-03 02:48 . 2006-02-23 01:15 64104 ----a-w- c:\windows\ALCMTR.EXE
    2010-07-03 02:48 . 2006-02-23 01:15 2815592 ----a-w- c:\windows\ALCWZRD.EXE
    2010-06-30 12:31 . 2004-08-10 04:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44 . 2004-08-10 04:00 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2004-08-10 04:00 354304 ------w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2004-08-10 04:00 80384 ------w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2004-08-10 04:00 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:41 . 2004-08-10 04:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-09 23:01 . 2009-06-23 22:42 133616 ------w- c:\windows\system32\pxafs.dll
    2010-06-09 23:01 . 2008-11-20 19:19 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys
    2010-06-09 23:01 . 2006-02-23 01:47 123888 ------w- c:\windows\system32\pxcpyi64.exe
    2010-06-09 23:01 . 2006-02-23 01:47 126448 ------w- c:\windows\system32\pxinsi64.exe
    2009-09-16 21:43 . 2009-09-16 21:43 22 --sha-w- c:\windows\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
    "nwiz"="nwiz.exe" [2006-01-25 1519616]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 249856]
    "WD Button Manager"="WDBtnMgr.exe" [2009-06-23 331776]
    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-20 71152]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-03-18 1123360]
    "RTHDCPL"="RTHDCPL.EXE" [2010-07-03 19552872]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-01 202256]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]
    "SpySweeper"="c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe" [2009-11-06 6515784]

    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-2-22 27136]

    c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    LifeDriveT Manager.lnk - c:\program files\palmOne\LifeDriveMgrTray.exe [2005-4-21 86016]
    palmOne Registration.lnk - c:\program files\palmOne\register.exe [2005-4-21 2355200]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2004-6-9 471040]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    Wireless Connection Manager.lnk - c:\program files\D-Link\DWA-552 revA\wirelesscm.exe [2009-6-23 29312256]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\palmOne\\Hotsync.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 12:00 PM 29808]
    R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [8/12/2009 12:28 AM 95592]
    R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [4/16/2010 6:37 PM 1201640]
    R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2/3/2010 1:57 PM 153448]
    R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [6/23/2009 5:20 PM 57440]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
    S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [10/19/2009 5:06 PM 183880]
    S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\D-Link\DWA-552 revA\jswpsapi.exe [6/23/2009 5:20 PM 356433]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472]
    S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [8/22/2009 7:11 PM 36928]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/9/2004 9:00 PM 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8/12/2009 12:28 AM 721904]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bdx REG_MULTI_SZ scan
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

    2010-09-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-4081812776-375214140-3341772112-1008.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

    2010-09-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-4081812776-375214140-3341772112-1008.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

    2010-09-07 c:\windows\Tasks\wrSpySweeper_L00B2402753174C2989464AFA1E47C37D.job
    - c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-04-17 22:19]

    2010-09-07 c:\windows\Tasks\wrSpySweeper_L00B2402753174C2989464AFA1E47C37D.job
    - c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2010-04-17 22:19]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/?fr=fp-grpj
    uDefault_Search_URL = hxxp://www.google.com/ie
    mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=desktop
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: att.net
    Trusted Zone: sbcglobal.net
    Trusted Zone: yahoo.com\clientapps
    FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\ch0hg985.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-Run-PCDrProfiler - (no file)
    SafeBoot-svcWRSSSDK



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-06 22:10
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2010-09-06 22:14:23
    ComboFix-quarantined-files.txt 2010-09-07 05:14

    Pre-Run: 167,127,941,120 bytes free
    Post-Run: 167,083,507,712 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    - - End Of File - - C0F1CF300712C035ADF069D9BA828477

  2. #2
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Please post fresh attach.txt contents too.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Due to inactivity, this thread will now be closed.

    Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

    If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.
