WiredWX Christian Hobby Weather Tools

Slow computer - malware?

Hi,

I recently had problems with some kind of malware, but you helped in their cleaning and removal.

All seemed fine, but now my computer seems to be running slower than it usually did. AVG indicates no virus problem, but the computer just seems "tired".

I've run HJT and added the log below. Is there a problem?

Thanks very much once again for your help.

Wayne

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:53:33 PM, on 10/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\BIPAC-7000 ADSL USB Modem\CnxDslTb.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\DOCUME~1\Usr\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Usr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Usr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Usr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Usr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Usr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Usr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Usr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Usr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Usr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Usr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Usr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Usr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Usr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Usr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Usr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Usr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Usr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Usr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Usr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Usr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Usr\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\BIPAC-7000 ADSL USB Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GUCI_AVS] C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe
O4 - HKLM\..\Run: [PAP7501_Monitor] C:\WINDOWS\PixArt\PAP7501\GUCI_AVS.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Usr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251882685281
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB31B80C-0EB0-40F7-804B-8CD8A94FDD6F}: NameServer = 203.144.207.29 203.144.207.49
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11054 bytes

Re: Slow computer - malware?

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Slow computer - malware?

Did the scan and the log says there is no malware. However, I've noticed that my computer, for some reason, only slows down when I'm online. Because I'm always online, I hadn't noticed this. I've now got to find the answer as to why the computer slows down only when I'm online.

Thanks for your help, but apologies for wasting your time.

Re: Slow computer - malware?

Please download ComboFix from BleepingComputer.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start>Run then copy paste the following command into the Run box & click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

[Image: Query_RC]
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[Image: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

I would also like to see a list of installed programs, so please do this:
Click Start > Run then copy/paste the following single-line command into the Run box and click OK:

C:\Qoobox\Add-Remove Programs.txt

In your next reply, please include the ComboFix log and the Add-Remove Programs log.

Re: Slow computer - malware?

Thanks for your prompt reply. Here are the logs...

ComboFix 09-10-20.03 - Usr 10/22/2009 21:31.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.397 [GMT 7:00]
Running from: c:\documents and settings\Usr\desktop\commy.exe
Command switches used :: /stepdel
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2009-09-22 to 2009-10-22 )))))))))))))))))))))))))))))))
.

2009-10-20 13:48 . 2009-10-20 13:48 -------- d-----w- C:\My Music
2009-10-19 16:15 . 2009-10-19 16:15 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-10-19 16:15 . 2009-02-15 17:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-10-19 16:15 . 2009-02-15 17:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-10-19 16:15 . 2009-02-15 17:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-10-19 16:15 . 2009-10-19 16:15 -------- d-----w- c:\windows\system32\ZoneLabs
2009-10-19 16:15 . 2009-10-19 16:15 -------- d-----w- c:\program files\Zone Labs
2009-10-19 16:13 . 2009-10-22 14:32 -------- d-----w- c:\windows\Internet Logs
2009-10-19 15:05 . 2009-10-19 15:07 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-15 12:55 . 2009-10-15 12:55 -------- d-----w- c:\program files\Real
2009-10-13 23:59 . 2009-10-13 23:59 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-10-10 07:35 . 2009-10-12 00:14 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-10 06:41 . 2009-10-10 06:41 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-09 16:00 . 2009-10-09 16:00 35492 ---ha-w- c:\windows\system32\mlfcache.dat
2009-10-08 11:53 . 2009-10-08 11:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-10-08 11:53 . 2009-10-08 11:53 -------- d-----w- c:\documents and settings\Usr\Application Data\Office Genuine Advantage
2009-10-03 07:06 . 2009-10-03 08:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-03 07:06 . 2009-10-03 07:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-03 07:00 . 2009-10-15 19:01 -------- d-----w- c:\documents and settings\Usr\Local Settings\Application Data\WMTools Downloaded Files
2009-10-03 06:53 . 2008-04-17 06:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-10-03 06:52 . 2009-10-03 06:52 -------- d-----w- c:\program files\iPod
2009-10-03 06:52 . 2009-10-03 06:53 -------- d-----w- c:\program files\iTunes
2009-10-03 04:15 . 2009-10-03 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-03 04:14 . 2009-10-15 09:34 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-03 04:14 . 2009-10-03 04:14 -------- d-----w- c:\documents and settings\Usr\Application Data\SUPERAntiSpyware.com
2009-10-03 04:13 . 2009-10-03 04:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-02 01:05 . 2009-10-02 01:05 -------- d-----w- C:\Combo-Fix
2009-09-29 11:06 . 2009-09-29 11:06 -------- d-----w- c:\documents and settings\Usr\Application Data\Malwarebytes
2009-09-29 11:05 . 2009-09-10 07:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-29 11:05 . 2009-09-29 11:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-29 11:05 . 2009-09-29 11:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-29 11:05 . 2009-09-10 07:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-28 11:23 . 2009-09-28 11:23 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-09-27 04:11 . 2009-09-27 07:18 -------- d-----w- c:\windows\BDOSCAN8
2009-09-27 03:56 . 2007-08-01 15:47 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-09-27 03:13 . 2009-09-27 04:00 -------- d-----w- c:\documents and settings\Usr\.housecall6.6
2009-09-25 09:15 . 2009-09-25 09:15 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
2009-09-24 09:34 . 2009-09-24 09:34 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-24 09:27 . 2009-09-24 09:27 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-23 18:49 . 2009-09-23 18:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-09-23 18:44 . 2009-10-08 17:06 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-09-23 18:34 . 2009-09-23 18:34 -------- d-----w- c:\program files\YouTube Downloader
2009-09-23 17:33 . 2009-09-23 18:47 -------- d-----w- c:\program files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-22 14:20 . 2009-09-06 03:25 -------- d-----w- c:\program files\Camfrog
2009-10-22 10:39 . 2009-09-02 13:38 -------- d-----w- c:\documents and settings\Usr\Application Data\BitTorrent
2009-10-21 16:51 . 2009-09-02 14:26 -------- d-----w- c:\documents and settings\Usr\Application Data\vlc
2009-10-20 08:17 . 2009-09-02 07:28 38616 ----a-w- c:\documents and settings\Usr\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-19 17:14 . 2009-10-18 08:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-18 23:35 . 2009-10-15 12:57 -------- d-----w- c:\program files\Common Files\Real
2009-10-18 23:34 . 2009-10-18 23:34 -------- d-----w- c:\program files\Common Files\xing shared
2009-10-18 23:34 . 2009-09-02 07:56 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-18 23:34 . 2009-09-02 07:56 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-18 23:29 . 2009-10-15 19:30 -------- d-----w- c:\program files\Ask.com
2009-10-18 23:29 . 2009-09-02 13:42 -------- d-----w- c:\program files\Yahoo!
2009-10-18 08:45 . 2009-10-18 08:41 -------- d-----w- c:\program files\SpywareBlaster
2009-10-18 07:52 . 2009-10-18 07:52 -------- d-----w- c:\program files\Trend Micro
2009-10-03 06:52 . 2009-09-06 21:22 -------- d-----w- c:\program files\Common Files\Apple
2009-09-23 18:55 . 2009-09-06 21:27 -------- d-----w- c:\documents and settings\Usr\Application Data\Apple Computer
2009-09-17 07:42 . 2009-09-17 07:41 -------- d-----w- c:\program files\Windows Media Connect 2
2009-09-12 16:40 . 2009-09-12 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-12 16:38 . 2009-09-12 16:37 -------- d-----w- c:\program files\QuickTime
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-06 21:27 . 2009-09-06 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-09-06 21:23 . 2009-09-06 21:23 -------- d-----w- c:\program files\Bonjour
2009-09-06 21:23 . 2009-09-06 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-06 21:22 . 2009-09-06 21:22 -------- d-----w- c:\program files\Apple Software Update
2009-09-06 21:22 . 2009-09-06 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-09-06 03:25 . 2009-09-06 03:25 -------- d-----w- c:\documents and settings\Usr\Application Data\Camfrog
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 16:47 . 2009-09-04 16:47 -------- d-----w- c:\program files\KYE
2009-09-04 16:47 . 2009-09-04 16:46 -------- d-----w- c:\program files\Common Files\PAP7501
2009-09-04 16:46 . 2009-09-02 07:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-03 17:28 . 2009-09-03 17:28 -------- d-----w- c:\program files\MSBuild
2009-09-03 17:28 . 2009-09-03 17:28 -------- d-----w- c:\program files\Reference Assemblies
2009-09-03 17:24 . 2009-09-03 17:24 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-09-03 03:26 . 2009-09-03 03:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-03 03:26 . 2009-09-03 03:26 -------- d-----w- c:\program files\Java
2009-09-03 01:44 . 2009-09-03 01:44 0 ----a-w- c:\windows\nsreg.dat
2009-09-02 16:04 . 2009-09-02 16:04 -------- d-----w- c:\program files\MSXML 4.0
2009-09-02 13:52 . 2009-09-02 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-09-02 13:45 . 2009-09-02 13:45 -------- d-----w- c:\documents and settings\Usr\Application Data\Yahoo!
2009-09-02 13:38 . 2009-09-02 13:38 -------- d-----w- c:\program files\BitTorrent
2009-09-02 12:56 . 2009-09-02 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-09-02 12:53 . 2009-09-02 12:53 -------- d-----w- c:\program files\Messenger Plus! Live
2009-09-02 12:41 . 2009-09-02 08:25 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-02 12:41 . 2009-09-02 08:25 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-02 12:41 . 2009-09-02 08:25 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-02 12:37 . 2009-09-02 12:37 -------- d-----w- c:\program files\BIPAC-7000 ADSL USB Modem
2009-09-02 11:44 . 2009-09-02 11:44 -------- d-----w- c:\documents and settings\Usr\Application Data\Windows Live Writer
2009-09-02 11:37 . 2009-09-02 11:33 -------- d-----w- c:\program files\Microsoft
2009-09-02 11:37 . 2009-09-02 11:37 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-09-02 11:37 . 2009-09-02 11:32 -------- d-----w- c:\program files\Windows Live
2009-09-02 11:34 . 2009-09-02 11:34 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-02 11:33 . 2009-09-02 11:33 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-02 11:12 . 2009-09-02 11:12 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-02 10:11 . 2009-09-02 10:11 -------- d-----w- c:\program files\VideoLAN
2009-09-02 08:43 . 2009-09-02 07:56 -------- d-----w- c:\program files\Common Files\Logitech
2009-09-02 08:25 . 2009-09-02 08:25 -------- d-----w- c:\program files\AVG
2009-09-02 08:25 . 2009-09-02 08:25 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-02 08:23 . 2009-09-02 08:23 -------- d-----w- c:\program files\MSECache
2009-09-02 08:19 . 2009-09-02 08:19 -------- d-----w- c:\program files\Microsoft.NET
2009-09-02 08:19 . 2009-09-02 08:19 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-09-02 08:14 . 2009-09-02 08:13 -------- d-----w- c:\program files\Common Files\Adobe
2009-09-02 08:11 . 2009-09-02 08:11 -------- d-----w- c:\program files\Auslogics
2009-09-02 08:11 . 2009-09-02 08:11 -------- d-----w- c:\documents and settings\Usr\Application Data\Auslogics
2009-09-02 08:09 . 2009-09-02 08:09 -------- d-----w- c:\program files\CCleaner
2009-09-02 08:08 . 2009-09-02 08:08 -------- d-----w- c:\program files\7-Zip
2009-09-02 07:56 . 2009-09-02 07:56 -------- d-----w- c:\program files\Common Files\Acer
2009-09-02 07:56 . 2009-09-02 07:56 -------- d-----w- c:\program files\Acer
2009-09-02 07:48 . 2009-09-02 07:32 -------- d-----w- c:\program files\Atheros
2009-09-02 07:48 . 2009-09-02 07:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Atheros
2009-09-02 07:48 . 2009-09-02 07:48 -------- d-----w- c:\documents and settings\Usr\Application Data\InstallShield
2009-09-02 07:43 . 2009-09-02 07:43 -------- d-----w- c:\program files\Synaptics
2009-09-02 07:41 . 2009-09-02 07:41 -------- d-----w- c:\program files\Realtek
2009-09-02 07:41 . 2009-09-02 07:31 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-02 07:40 . 2009-09-02 07:40 -------- d-----w- c:\program files\Launch Manager
2009-09-02 07:39 . 2009-09-02 07:39 -------- d-----w- c:\program files\Marvell
2009-09-02 07:26 . 2009-09-02 07:26 -------- d-----w- c:\program files\Intel
2009-09-02 07:20 . 2009-09-02 07:20 -------- d-----w- c:\program files\microsoft frontpage
2009-09-02 07:16 . 2009-09-02 07:16 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-08-29 08:08 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-23 21:00 . 2009-08-23 21:00 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-08-23 21:00 . 2009-08-23 21:00 426496 ------w- c:\windows\system32\imapi2.dll
2009-08-06 12:24 . 2009-09-02 07:17 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 12:24 . 2009-09-02 07:17 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 12:24 . 2009-09-02 09:12 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 12:24 . 2009-09-02 07:17 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 12:24 . 2009-09-02 07:17 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 12:24 . 2004-08-04 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 12:23 . 2009-09-02 07:17 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 12:23 . 2009-09-02 14:42 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 12:23 . 2009-09-02 14:42 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 12:23 . 2009-09-02 07:17 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 14:20 . 2004-08-03 22:59 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 13:44 . 2004-08-04 12:00 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 12:52 . 2009-08-04 12:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-03 08:07 . 2009-08-03 08:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 08:07 . 2009-08-03 08:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 08:07 . 2009-08-03 08:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-29 04:37 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\Usr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-02 133104]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-10-15 2000112]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-13 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-13 118784]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2006-07-14 471040]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-07-19 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-28 766041]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-22 2025752]
"CnxDslTaskBar"="c:\program files\BIPAC-7000 ADSL USB Modem\CnxDslTb.exe" [2004-01-27 462848]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-03 149280]
"GUCI_AVS"="c:\windows\PixArt\PAP7501\GUCI_AVS.exe" [2007-12-10 323584]
"PAP7501_Monitor"="c:\windows\PixArt\PAP7501\GUCI_AVS.exe" [2007-12-10 323584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-18 198160]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-07-19 16248320]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-07-19 2879488]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 08:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-02 12:41 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/2/2009 3:25 PM 335240]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/2/2009 3:25 PM 297752]
R3 CnxEtP;Conexant AccessRunner USB ADSL WAN Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [9/2/2009 7:37 PM 60288]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [9/2/2009 7:37 PM 646784]
R3 CnxTgN;Conexant AccessRunner USB ADSL WAN Adapter Driver;c:\windows\system32\drivers\CnxTgN.sys [9/2/2009 7:37 PM 108675]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/24/2009 1:44 AM 133104]
S3 GUCI_AVS;Generic USB Controller Interface (AVS);c:\windows\system32\drivers\GUCI_AVS.sys [9/4/2009 11:47 PM 540160]
.
Contents of the 'Scheduled Tasks' folder

2009-10-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 05:34]

2009-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-23 18:43]

2009-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-23 18:43]

2009-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-839522115-1640007363-1003Core.job
- c:\documents and settings\Usr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-02 12:43]

2009-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-839522115-1640007363-1003UA.job
- c:\documents and settings\Usr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-02 12:43]

2009-10-22 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 08:07]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Usr\Application Data\Mozilla\Firefox\Profiles\1xwt1fhr.default\
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-22 21:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3076)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-22 21:43
ComboFix-quarantined-files.txt 2009-10-22 14:43
ComboFix2.txt 2009-10-01 13:01

Pre-Run: 12,041,920,512 bytes free
Post-Run: 12,648,509,440 bytes free

- - End Of File - - 54F74F93A5A610850CF73829CE1F34D5


7-Zip 4.65
Acer OrbiCam
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.3
Agere Systems HDA Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros for Acer Driver 5.3.0.45_Foxconn Installation Program
Atheros Wireless LAN
AusLogics Disk Defrag
AusLogics Registry Defrag
AVG 8.5
BIPAC-7000 ADSL USB WAN Adapter
BitTorrent
Bonjour
CCleaner (remove only)
ClearType Tuning Control Panel Applet
Compatibility Pack for the 2007 Office system
Google Chrome
Google Earth
Google Update Helper
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Intel(R) Graphics Media Accelerator Driver
iTunes
Java(TM) 6 Update 16
Junk Mail filter update
Launch Manager
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Messenger Plus! Live
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5)
MSVCRT
MSXML 4.0 SP2 (KB954430)
OGA Notifier 2.0.0048.0
Picasa 3
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Spybot - Search & Destroy
SpywareBlaster 4.2
SUPERAntiSpyware Free Edition
SuyinNBCam
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB951978)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
USB2.0 PC Camera
VC 9.0 Runtime
VLC media player 1.0.1
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Messenger
Yahoo! Software Update
YouTube Downloader 2.5.1
ZoneAlarm


Thank you

Re: Slow computer - malware?
Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.

Re: Slow computer - malware?
Here's the log - again no malware....

Malwarebytes' Anti-Malware 1.41
Database version: 3015
Windows 5.1.2600 Service Pack 3

10/23/2009 11:35:56 AM
mbam-log-2009-10-23 (11-35-56).txt

Scan type: Quick Scan
Objects scanned: 97610
Time elapsed: 7 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Slow computer - malware?
Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!

  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.

Re: Slow computer - malware?
Here's the report:

Scanning Report

Friday, October 23, 2009 14:06:39 - 15:09:31

Computer name: USR-NB
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ D:\ G:\

7 malware found

TrackingCookie.Questionmarket (spyware)
System (Disinfected)
TrackingCookie.2o7 (spyware)
System (Disinfected)
TrackingCookie.Atdmt (spyware)
System (Disinfected)
TrackingCookie.Revsci (spyware)
System (Disinfected)
TrackingCookie.Webtrends (spyware)
System (Disinfected)
TrackingCookie.Atwola (spyware)
System (Disinfected)
TrackingCookie.Yieldmanager (spyware)
System (Disinfected)
Statistics

Scanned:
Files: 40788
System: 3241
Not scanned: 11
Actions:
Disinfected: 7
Renamed: 0
Deleted: 0
Not cleaned: 0
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\DOCUMENTS AND SETTINGS\USR\LOCAL SETTINGS\TEMP\ETILQS_GMTOBFDR71ECOMP8MQBS
C:\DOCUMENTS AND SETTINGS\USR\LOCAL SETTINGS\TEMP\ETILQS_UB2NOIB4QY2YDBROWF8P
C:\DOCUMENTS AND SETTINGS\USR\LOCAL SETTINGS\TEMP\ETILQS_O3WRPRKUOLDLGOTPQUIS
C:\DOCUMENTS AND SETTINGS\USR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CURRENT SESSION
C:\DOCUMENTS AND SETTINGS\USR\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\CHROME\USER DATA\DEFAULT\CURRENT TABS
Options

Scanning engines:
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use advanced heuristics

Re: Slow computer - malware?
Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Re: Slow computer - malware?
Here you go: Thanks!

Results of screen317's Security Check version 0.99.0
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
AVG 8.5
ZoneAlarm
Antivirus up to date!
``````````````````````````````
Anti-malware/Other Utilities Check:

SpywareBlaster 4.2
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
HijackThis 2.0.2
CCleaner (remove only)
Java(TM) 6 Update 16
Adobe Flash Player 10
Adobe Reader 9.2
``````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
Zone Labs ZoneAlarm zlclient.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

Re: Slow computer - malware?
Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has real-time protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?
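
The HOSTS-file blocking described in the post above can be checked after installation. The following Python audit is an added example, not part of the original post or of the hpHosts project: it parses HOSTS-file text and reports which names are sent to a loopback or unspecified address and which map anywhere else. The sample entries and the names `parse_hosts` and `audit_hosts` are constructed for this illustration.

```python
import ipaddress

# Constructed sample in HOSTS-file syntax (reserved example domains and a
# documentation-range IP); it is not taken from hpHosts.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       ads.example.com tracker.example.net   # two names, one line
0.0.0.0         banner.example.org
203.0.113.7     update.example.com
not-an-ip       broken.example.com
::1             localhost
"""

# Names that are expected to point at loopback and are not blocklist entries.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line_no, address, hostname) for each mapping; hostname is None
    when a line carries an address but no name."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not line:
            continue
        address, *names = line.split()
        if not names:
            yield line_no, address, None
        for name in names:
            yield line_no, address, name.lower()


def audit_hosts(text):
    """Classify every mapping in HOSTS-file text.

    blocked    - names sent to a loopback or unspecified address
    redirected - names mapped to any other address (worth a manual look)
    malformed  - line numbers that do not parse as 'address name [name...]'
    """
    blocked, redirected, malformed = set(), {}, set()
    for line_no, address, name in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            malformed.add(line_no)
            continue
        if name is None:
            malformed.add(line_no)
        elif ip.is_loopback or ip.is_unspecified:
            if name not in LOCAL_NAMES:
                blocked.add(name)
        else:
            redirected[name] = address
    return {"blocked": blocked, "redirected": redirected,
            "malformed": sorted(malformed)}


if __name__ == "__main__":
    for key, value in audit_hosts(SAMPLE_HOSTS).items():
        print(key, value)
```

On Windows XP the live file is `%SystemRoot%\system32\drivers\etc\hosts`; read its text and pass it to `audit_hosts` in place of the sample.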
