very slow computer and programs crashing

nwoc1

New Member
Anything appear to be wrong?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:47:37 PM, on 9/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Safari\Safari.exe
C:\Documents and Settings\James\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.everex.com/
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunOnce: [Norton 360Seq] C:\WINDOWS\TEMP\LUProdRg.exe /f:C:\WINDOWS\TEMP\360LUProdRg.ini /s:SPW_Set_Sequence
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 6302 bytes
 
ComboFix 08-09-01.01 - James 2008-09-01 17:53:33.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.179 [GMT -7:00]
Running from: C:\Documents and Settings\James\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-02 to 2008-09-02 )))))))))))))))))))))))))))))))
.

2008-08-31 15:28 . 2008-08-31 15:28 <DIR> d-------- C:\Program Files\Google
2008-08-29 12:10 . 2008-08-29 12:10 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-29 12:07 . 2008-08-29 12:08 <DIR> d-------- C:\Program Files\Safari
2008-08-29 11:16 . 2008-04-13 17:12 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-08-29 11:16 . 2008-04-13 11:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-08-29 11:16 . 2008-04-13 11:45 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-08-29 11:16 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-08-28 22:23 . 2008-08-28 22:23 <DIR> d--hs---- C:\Documents and Settings\James\PrivacIE
2008-08-28 22:11 . 2008-08-28 22:13 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-08-24 20:27 . 2008-08-24 20:38 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-08-22 03:05 . 2008-08-22 03:05 48,640 --------- C:\WINDOWS\system32\PrivacIE.dll
2008-08-17 18:03 . 2008-08-17 18:35 <DIR> d-------- C:\Westwood
2008-08-14 14:35 . 2008-08-14 14:35 <DIR> d-------- C:\Documents and Settings\James\Application Data\Windows Search
2008-08-14 14:08 . 2006-02-28 05:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-14 14:04 . 2008-08-14 14:04 <DIR> d-------- C:\Documents and Settings\James\Application Data\Windows Desktop Search
2008-08-14 14:03 . 2008-08-14 14:03 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-08-14 14:03 . 2008-08-14 14:03 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-08-14 14:01 . 2008-03-07 10:02 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-08-14 14:01 . 2008-03-07 10:02 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-08-14 14:01 . 2008-03-07 10:02 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-08-14 13:58 . 2008-08-14 13:58 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-08-14 13:56 . 2008-07-22 07:45 1,214,526 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-08-14 13:56 . 2008-07-22 07:45 790,846 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-08-14 13:56 . 2008-07-22 07:45 9,696 --------- C:\WINDOWS\system32\dllcache\drvmain.sdb
2008-08-14 12:30 . 2008-05-01 07:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-14 12:28 . 2008-04-11 12:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-12 20:02 . 2008-08-31 14:29 38 --a------ C:\WINDOWS\AviSplitter.INI
2008-08-08 02:16 . 2008-08-08 02:16 <DIR> d-------- C:\Documents and Settings\James\Application Data\IObit
2008-08-05 17:55 . 2008-08-05 17:55 265,720 --a------ C:\WINDOWS\system32\msdbg2.dll
2008-08-04 20:11 . 2008-08-04 20:11 <DIR> d-------- C:\Documents and Settings\James\Application Data\Media Player Classic
2008-08-04 19:36 . 2008-08-04 20:09 <DIR> d-------- C:\Program Files\VideoLAN
2008-08-04 14:54 . 2008-08-20 14:54 <DIR> d-------- C:\Documents and Settings\James\Application Data\RegistrySmart
2008-08-04 14:53 . 2008-08-20 14:54 <DIR> d-------- C:\Program Files\RegistrySmart
2008-08-03 14:30 . 2008-08-03 14:32 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-08-03 14:30 . 2008-08-03 14:30 <DIR> d-------- C:\Documents and Settings\James\Application Data\SystemRequirementsLab
2008-08-02 13:21 . 2008-08-02 13:22 <DIR> d-------- C:\Program Files\RegCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-02 00:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-02 00:38 --------- d-----w C:\Documents and Settings\James\Application Data\OpenOffice.org2
2008-09-01 21:30 --------- d-----w C:\Program Files\Norton 360
2008-09-01 19:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-30 01:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-08-27 18:00 --------- d-----w C:\Documents and Settings\James\Application Data\Spyware Terminator
2008-08-26 00:14 --------- d-----w C:\Documents and Settings\James\Application Data\U3
2008-08-25 03:21 --------- d-----w C:\Program Files\Spyware Terminator
2008-08-23 04:48 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-08-22 10:16 637,984 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-22 10:10 11,985,408 ----a-w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-22 10:09 5,699,584 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-22 10:08 878,592 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-22 10:08 878,592 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2008-08-22 10:08 43,008 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-08-22 10:08 43,008 ----a-w C:\WINDOWS\system32\dllcache\licmgr10.dll
2008-08-22 10:08 236,544 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2008-08-22 10:08 1,206,784 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2008-08-22 10:07 755,200 ----a-w C:\WINDOWS\system32\dllcache\VGX.dll
2008-08-22 10:07 193,536 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2008-08-22 10:07 18,944 ----a-w C:\WINDOWS\system32\dllcache\corpol.dll
2008-08-22 10:07 18,944 ----a-w C:\WINDOWS\system32\corpol.dll
2008-08-22 10:07 116,224 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2008-08-22 10:07 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2008-08-22 10:05 70,656 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2008-08-22 10:05 630,272 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2008-08-22 10:05 61,952 ----a-w C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-22 10:05 580,608 ----a-w C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-22 10:05 53,760 ----a-w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-22 10:05 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-08-22 10:05 48,128 ----a-w C:\WINDOWS\system32\dllcache\mshtmler.dll
2008-08-22 10:05 45,056 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-08-22 10:05 35,840 ----a-w C:\WINDOWS\system32\imgutil.dll
2008-08-22 10:05 35,840 ----a-w C:\WINDOWS\system32\dllcache\imgutil.dll
2008-08-22 10:05 346,624 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2008-08-22 10:05 217,088 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2008-08-22 10:05 186,880 ----a-w C:\WINDOWS\system32\dllcache\iepeers.dll
2008-08-22 10:04 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-08-22 10:04 45,568 ----a-w C:\WINDOWS\system32\dllcache\mshta.exe
2008-08-22 10:00 68,608 ----a-w C:\WINDOWS\system32\dllcache\hmmapi.dll
2008-08-22 09:57 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-08-22 09:57 156,160 ----a-w C:\WINDOWS\system32\dllcache\msls31.dll
2008-08-22 09:42 443,392 ----a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-18 19:11 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-09 22:24 --------- d-----w C:\Program Files\SpeedFan
2008-07-31 00:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-31 00:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-31 00:28 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-07-26 05:56 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-25 08:34 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-07-25 08:34 683,520 ----a-w C:\WINDOWS\system32\divx.dll
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-17 23:13 --------- d-----w C:\Documents and Settings\James\Application Data\Move Networks
2008-07-16 18:51 2,041,363 ----a-w C:\WINDOWS\system32\x264vfw.dll
2008-07-14 22:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-14 22:20 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-14 21:59 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-07-14 18:47 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-14 06:56 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-07-14 06:56 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motport_01005.Wdf
2008-07-14 06:56 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-07-14 06:56 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2008-07-14 06:56 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2008-07-14 06:52 --------- d-----w C:\Program Files\Motorola
2008-07-14 06:52 --------- d-----w C:\Program Files\Common Files\Motorola Shared
2008-07-14 03:14 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-07-14 03:14 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-07-14 03:14 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-07-14 03:14 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-07-14 03:14 --------- d-----w C:\Program Files\Symantec
2008-07-09 21:23 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-07-09 02:25 --------- d-----w C:\Documents and Settings\James\Application Data\Symantec
2008-07-09 01:56 --------- d-----w C:\Program Files\COMODO
2008-07-09 01:56 --------- d-----w C:\Documents and Settings\James\Application Data\Comodo
2008-07-09 01:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\comodo
2008-07-09 01:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-07-09 01:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-07 22:27 0 -c--a-w C:\Documents and Settings\James\jagex_runescape_preferences.dat
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-04 04:18 --------- d-----w C:\Program Files\Steam
2008-07-02 04:13 --------- d-----w C:\Program Files\IrfanView
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 133,120 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-13 02:22 7,273 -c--a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-06-13 02:22 64,553 -c--a-w C:\WINDOWS\BricoPackUninst.cmd
2008-06-13 02:22 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-06-12 18:36 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-06-12 18:27 26,144 ----a-w C:\WINDOWS\system32\spupdsvc.exe
2008-06-12 18:27 26,112 -c--a-w C:\WINDOWS\system32\idndl.dll
2008-06-12 18:27 24,576 -c--a-w C:\WINDOWS\system32\nlsdl.dll
2008-06-12 18:27 23,552 ----a-w C:\WINDOWS\system32\normaliz.dll
2008-06-08 04:46 98,304 -c--a-w C:\WINDOWS\system32\CmdLineExt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 17:12 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
"SpywareTerminator"="C:\PROGRA~1\Spyware Terminator\SpywareTerminatorShield.exe" [2008-06-29 19:56 1817600]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 18:54 116072]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [2007-07-09 22:24:38 1134592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 22:19 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=C:\WINDOWS\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^James^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^James^Start Menu^Programs^Startup^UberIcon.lnk]
backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^James^Start Menu^Programs^Startup^Y'z Shadow.lnk]
path=C:\Documents and Settings\James\Start Menu\Programs\Startup\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^James^Start Menu^Programs^Startup^YouTube Uploader.lnk]
path=C:\Documents and Settings\James\Start Menu\Programs\Startup\YouTube Uploader.lnk
backup=C:\WINDOWS\pss\YouTube Uploader.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
C:\Program Files\ViStart\ViStart [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-08-07 18:26 119280 C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a--c--- 2008-04-13 17:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart]
--a------ 2008-07-15 13:20 4474096 C:\Program Files\RegistrySmart\RegistrySmart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a--c--- 2005-01-12 03:01 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartRAM]
--a------ 2007-10-29 16:43 662016 C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a--c--- 2008-06-19 21:38 1271032 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a--c--- 2005-11-10 04:44 557056 C:\WINDOWS\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a--c--- 2006-03-02 07:22 577536 C:\WINDOWS\soundman.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"VTTimer"=VTTimer.exe
"VTTrayp"=VTtrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\IEPro\\MiniDM.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-06-29 19:56]
R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-01-14 17:22]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-06-25 06:36]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 15:36]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 19:33]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 17:41]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 15:18]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5aeca119-778f-11dd-8b8f-00c0a8bac122}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc083aae-2e9f-11dd-8ae3-00c0a8bac122}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\mf821jip.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.yahoo.com
FF -: plugin - C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\1.2.121.17\npGoogleOneClick.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-01 17:56:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-01 17:58:22
ComboFix-quarantined-files.txt 2008-09-02 00:58:15
ComboFix2.txt 2008-08-24 00:06:29

Pre-Run: 23,570,800,640 bytes free
Post-Run: 23,588,360,192 bytes free

269 --- E O F --- 2008-08-26 23:55:52
 
Also, I know Norton takes up a lot of resources, but I cannot remove it because my brother bought it for me and I would feel bad if I did.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:06:26 PM, on 9/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\James\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.everex.com/
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 5864 bytes
 