Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Very slow FF & email - SpywareTerminator - Joke.Infect

Post by godivarides » October 19th, 2008, 2:21 pm

Hi!

REPOST - I've been helped here previously and am unfortunately back with some issues.

I transitioned from IE to Firefox, initially it was quite a bit faster, then slowed down. Recently I've been doing a great amount of research on blogs and searching through monster/workopolis/careerbuilder. It seemed to begin when I emailed a job posting, because AVAST freaked out with its virus siren. In the past, I cancelled the emails when this happened, this time I didn't.

It is very slow loading pages via Firefox - sometimes 5 minutes, sometimes it takes 2 minutes to open an email in my inbox.

I've run Xoftcopy, SuperAnti-Spyware, Spyware Guard and Malwarebytes anti-spyware - nothing shows up. Each night as scheduled Spyware Terminator runs - nothing shows up; Scotty's on Patrol and nothing shows up; ZoneAlarm isn't ringing.

I'm running a thorough diagnostic via AVAST - it's barely 1% through, running over 5 hours now.

I added RogueRemover - which found 4 threats and removed them.

I added bitdefender, AIMFIX, gdata - antiworm and RemoveIT.

Prior to this posting, I read the posting about slow computers - disabled a few startups, indexing and dns, plus I've defragged and cleaned disk - all to no avail. I'm wondering if there is a conflict between IE and firefox? After being unable to access the internet with only IE installed, I'd prefer to keep both on my system .... just in case.

I just ran a complete Virus and Spyware scan through Spyware Terminator - found this - 2 times now, even with all the scans.

Threat Files
<Joke.FakeInfect> : C:\Program Files\Malwarebytes' Anti-Malware\mbam-dor.exe
<Joke.FakeInfect> : C:\Program Files\Malwarebytes' Anti-Malware\mbam-dor.exe

It was posted as a mid-serious threat.

Here's my fresh HJT file, since adding and scanning all the extra programs:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:18 PM, on 19/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spyware Terminator\SpywareTerminator.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telus.net/set_region.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telus.net/set_region.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} (PrinterHelpEtcActiveX Control) - http://dev.imagingworld.co.kr/printerhe ... rinter.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL ... 586-jc.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Registe ... lashax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F7A11C3-E76A-4E31-8BC2-D85744CF4B8F}: NameServer = 75.154.132.68,75.154.132.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F7A11C3-E76A-4E31-8BC2-D85744CF4B8F}: NameServer = 75.154.132.68,75.154.132.100
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F7A11C3-E76A-4E31-8BC2-D85744CF4B8F}: NameServer = 75.154.132.68,75.154.132.100
O17 - HKLM\System\CS3\Services\Tcpip\..\{0F7A11C3-E76A-4E31-8BC2-D85744CF4B8F}: NameServer = 75.154.132.68,75.154.132.100
O17 - HKLM\System\CS4\Services\Tcpip\..\{0F7A11C3-E76A-4E31-8BC2-D85744CF4B8F}: NameServer = 75.154.132.68,75.154.132.100
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 10069 bytes


Thank you for your help in advance!
godivarides
Regular Member
 
Posts: 29
Joined: June 24th, 2008, 5:34 pm

Re: Very slow FF & email - SpywareTerminator - Joke.Infect

Post by Rodav » October 23rd, 2008, 4:30 pm

Hello, and welcome to the Malware Removal forums.
I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research so please be patient while I work on your log and I will post back here with any recommendations.

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Very slow FF & email - SpywareTerminator - Joke.Infect

Post by Rodav » October 23rd, 2008, 4:57 pm

Hello Sandra,

Before we start, is there any reason you did not finish your topic, when you were helped here before? viewtopic.php?f=11&t=31984

<Joke.FakeInfect> : C:\Program Files\Malwarebytes' Anti-Malware\mbam-dor.exe
These are false positives (it's safe).

You need to remove an antivirus program; having multiple antivirus programs installed can cause system instability. If Bitdefender is the free version, it does not have real-time protection, so I suggest you remove it.

You seem to have numerous protection programs installed. Having too many of these running can cause serious slowdown, and I believe this might be the root of your problems, so I will take a look there first.

Internet Explorer and Firefox should co-exist happily on your computer; they do on mine.


Step 1:
  • Open HijackThis.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.
See this link for details:
http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg


Step 2:
Run Eset NOD32 Online AntiVirus
http://www.eset.eu/online-scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.


Step 3:
Run HijackThis, do a system scan and post the following into your next reply.
  • The uninstall list
  • The NOD32 results
  • A new HijackThis log
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.
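
The concern raised in the reply above (several protection programs loading at once, including more than one antivirus) can be read straight out of a HijackThis log. The following is an added example, not part of the original thread or of any tool named in it: it parses entry lines copied from the first log, lists the security products that register auto-start entries, and flags leftover "(file missing)" entries. The product table, the kind labels and all function names are assumptions made for the example.

```python
import re
from collections import defaultdict

# Entry lines copied from the HijackThis log in the first post (a subset).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
"""

# Assumption for this example: path fragments seen in this thread's log,
# mapped to (product, kind). This is not a complete product database.
SECURITY_PRODUCTS = {
    "avast4": ("avast! Antivirus", "antivirus"),
    "bitdefender": ("BitDefender", "antivirus"),
    "spyware terminator": ("Spyware Terminator", "antispyware"),
    "ad-aware": ("Ad-Aware", "antispyware"),
    "superantispyware": ("SUPERAntiSpyware", "antispyware"),
    "spywareguard": ("SpywareGuard", "antispyware"),
}

# HijackThis sections that load code automatically:
# O2 = BHOs, O4 = Run keys / startup folder, O20 = Winlogon Notify, O23 = services.
AUTOSTART_CODES = {"O2", "O4", "O20", "O23"}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
MISSING = "(file missing)"


def parse_entries(log_text):
    """Return one dict per 'Xnn - ...' entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match:
            continue
        body = match.group("body")
        entries.append({
            "code": match.group("code"),
            "body": body,
            "missing": body.endswith(MISSING),
        })
    return entries


def resident_products(entries):
    """Map each known security product to the auto-start sections it appears in."""
    sections = defaultdict(set)
    kinds = {}
    for entry in entries:
        # An entry whose file is gone cannot load, so it is not counted as resident.
        if entry["code"] not in AUTOSTART_CODES or entry["missing"]:
            continue
        lowered = entry["body"].lower()
        for fragment, (product, kind) in SECURITY_PRODUCTS.items():
            if fragment in lowered:
                sections[product].add(entry["code"])
                kinds[product] = kind
    return {p: {"kind": kinds[p], "sections": sorted(codes)}
            for p, codes in sections.items()}


def orphaned_entries(entries):
    """Entries pointing at files that no longer exist (uninstall leftovers)."""
    return [e for e in entries if e["missing"]]


def summarize(log_text):
    entries = parse_entries(log_text)
    products = resident_products(entries)
    antivirus = sorted(p for p, info in products.items() if info["kind"] == "antivirus")
    return {"products": products, "antivirus": antivirus,
            "orphans": orphaned_entries(entries)}


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for name, info in sorted(result["products"].items()):
        print(f"{name:22} {info['kind']:12} {', '.join(info['sections'])}")
    if len(result["antivirus"]) > 1:
        print("More than one antivirus auto-starts:", ", ".join(result["antivirus"]))
    for entry in result["orphans"]:
        print("Leftover entry:", entry["code"], "-", entry["body"])
```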

Re: Very slow FF & email - SpywareTerminator - Joke.Infect

Post by godivarides » October 23rd, 2008, 5:00 pm

Thank you, I'll await your review.

Would you please remove or notate the post I must have simultaneously placed in the bump room. After this I had to reboot my system, it was moving sooo slow!

Thanks again!!

Sandra
godivarides
Regular Member
 
Posts: 29
Joined: June 24th, 2008, 5:34 pm

Re: Very slow FF & email - SpywareTerminator - Joke.Infect

Post by godivarides » October 23rd, 2008, 7:30 pm

Hi

My system was running very slow BEFORE adding the additional spyware programs - RemoveIt, GRemover, BitDefender and RogueRemover - and I followed the instructions here to check for slow systems before adding them. It seemed like a virus et al to me, so I tried the others.

To answer your question regarding the last link, the problem was resolved.

Step 1 - first HJT log - before ESET (running for 2 hours and still a long way to go)

Ad-Aware
Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.8
avast! Antivirus
BitDefender Free Edition v10
CD Viewer
Club Player Casino
ESET Online Scanner
Forms on CD
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
HP Driver Diagnostics
hp instant support
hp officejet g series
HP OfficeJet G Series
Java(TM) 6 Update 7
Kodak EasyShare software
Logitech MouseWare 9.80
Malwarebytes' Anti-Malware
Malwarebytes' RogueRemover
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Publisher 2002
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.3)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Paltalk Messenger
QuarkXPress 5.0
RemoveIT Pro v4 - SE
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB958644)
Spyware Terminator
SpywareBlaster 4.1
SpywareGuard v2.2
SUPERAntiSpyware Free Edition
TELUS eCare
TELUS eCare Plugin
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Winamp

thanks!
godivarides
Regular Member
 
Posts: 29
Joined: June 24th, 2008, 5:34 pm

Re: Very slow FF & email - SpywareTerminator - Joke.Infect

Post by godivarides » October 24th, 2008, 12:43 pm

Hi

I ran the ESET scanner (11 hours) and it detected 4 threats (incl bitdefender) but I couldn't find the log file.

I followed the link to windows->systems32->onlinescanner UNINSTALL and did so, I'll re-install and try again.

Sandra
godivarides
Regular Member
 
Posts: 29
Joined: June 24th, 2008, 5:34 pm

Re: Very slow FF & email - SpywareTerminator - Joke.Infect

Post by Rodav » October 24th, 2008, 5:17 pm

Hello Sandra,

"To answer your question regarding the last link, the problem was resolved."
While I appreciate you felt it was resolved, Dan12 wasn't quite as certain: http://www.malwareremoval.com/forum/vie ... 11#p318711

"My system was running very slow BEFORE adding the additional spyware programs - RemoveIt, GRemover, BitDefender and RogueRemover - and I followed the instructions here to check for slow systems before adding them. It seemed like a virus et al to me, so I tried the others."
I was more or less referring to Spyware Terminator and Ad-Aware. Spyware Terminator can be prone to false positives, as you have seen, and its real-time scanner can be a bit of a resource hog from what I have read. Ad-Aware has a service which always runs in the background, which is of no benefit and can slow down a PC unnecessarily. You have Malwarebytes and SuperAntiSpyware installed, which in my opinion have superior detection and removal rates to the other two. If you were to regularly scan with either or both of those, along with a good hosts file, it would give you better protection than Spyware Terminator's real-time protection, in my personal opinion. Anyway, let's sort this problem out first.

"I ran the ESET scanner (11 hours) and it detected 4 threats (incl bitdefender) but I couldn't find the log file."
Is the log not at C:\Program Files\EsetOnlineScanner\log.txt?


You do need to uninstall Bitdefender. I will add other programs which you may also like to uninstall, which may help speed up your computer. I'll let you decide whether you want to keep them or not.

Step 1:
  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):

    BitDefender Free Edition v10
    Ad-Aware
    RemoveIT Pro v4 - SE
    Spyware Terminator
    SpywareGuard v2.2

Step 2:
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized)
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Very slow FF & email - SpywareTerminator - Joke.Infect

Post by godivarides » October 25th, 2008, 12:46 pm

Hi

I removed:
Bitdefender
Ad Aware
RemoveIT
Spyware Terminator
Spyware Guard
Spyware Blaster

Rebooted.

Ran RSIT - here are both files produced:

Logfile of random's system information tool 1.04 (written by random/random)
Run by Sandra Miller at 2008-10-25 10:11:12
Microsoft Windows XP Professional Service Pack 3
System drive C: has 40 GB (52%) free of 78 GB
Total RAM: 255 MB (9% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:19 AM, on 25/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sandra Miller\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sandra Miller.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telus.net/set_region.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telus.net/set_region.html
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Fire-Trust SiteHound - {C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O3 - Toolbar: SiteHound - {73F7F495-A325-4C52-BE48-5F97FA511E89} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\Program Files\FireTrust\SiteHound\SiteHound.dll (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} (PrinterHelpEtcActiveX Control) - http://dev.imagingworld.co.kr/printerhe ... rinter.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL ... 586-jc.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Registe ... lashax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F7A11C3-E76A-4E31-8BC2-D85744CF4B8F}: NameServer = 75.154.132.68,75.154.132.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F7A11C3-E76A-4E31-8BC2-D85744CF4B8F}: NameServer = 75.154.132.68,75.154.132.100
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F7A11C3-E76A-4E31-8BC2-D85744CF4B8F}: NameServer = 75.154.132.68,75.154.132.100
O17 - HKLM\System\CS3\Services\Tcpip\..\{0F7A11C3-E76A-4E31-8BC2-D85744CF4B8F}: NameServer = 75.154.132.68,75.154.132.100
O17 - HKLM\System\CS4\Services\Tcpip\..\{0F7A11C3-E76A-4E31-8BC2-D85744CF4B8F}: NameServer = 75.154.132.68,75.154.132.100
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

--
End of file - 8327 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\XoftSpySE 2.job
C:\WINDOWS\tasks\XoftSpySE.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53}]
CPub Object - C:\Program Files\FireTrust\SiteHound\SiteHound.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5233FCD-D258-4903-89B8-FB1568E7413D}]
C:\WINDOWS\system32\mscoree.dll [2006-12-22 271360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{73F7F495-A325-4C52-BE48-5F97FA511E89} - SiteHound - C:\Program Files\FireTrust\SiteHound\SiteHound.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-12-11 20992]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-04-25 333120]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-05-28 1506544]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"DisableRegedit"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-10-25 10:11:12 ----D---- C:\rsit
2008-10-23 14:27:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-17 23:55:27 ----D---- C:\Program Files\Common Files\Softwin
2008-10-17 16:36:36 ----D---- C:\Program Files\RogueRemover FREE
2008-10-17 16:34:01 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-16 03:51:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 03:50:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 03:49:31 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 03:41:51 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 12:13:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-09-28 03:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-27 02:57:47 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-27 02:57:10 ----D---- C:\WINDOWS\Prefetch
2008-09-27 01:13:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-27 01:11:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-27 01:08:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-27 01:04:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-27 00:59:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-27 00:58:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-27 00:57:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-27 00:56:01 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-27 00:55:05 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-27 00:52:43 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-27 00:48:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-27 00:29:43 ----A---- C:\WINDOWS\setuplog.txt
2008-09-27 00:22:28 ----D---- C:\WINDOWS\system32\scripting
2008-09-27 00:22:15 ----D---- C:\WINDOWS\l2schemas
2008-09-27 00:22:11 ----D---- C:\Program Files\msn
2008-09-27 00:22:10 ----D---- C:\WINDOWS\system32\en

======List of files/folders modified in the last 1 months======

2008-10-25 10:13:03 ----D---- C:\WINDOWS\Internet Logs
2008-10-25 08:19:50 ----D---- C:\WINDOWS\TEMP
2008-10-25 01:18:39 ----D---- C:\Program Files\Mozilla Firefox
2008-10-24 23:51:45 ----AD---- C:\Program Files
2008-10-24 23:50:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-24 22:05:30 ----D---- C:\WINDOWS
2008-10-24 17:50:22 ----SHD---- C:\WINDOWS\Installer
2008-10-24 17:50:21 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-24 17:50:08 ----D---- C:\WINDOWS\system32\DRIVERS
2008-10-24 17:49:56 ----D---- C:\WINDOWS\SYSTEM32
2008-10-24 17:47:09 ----D---- C:\Program Files\SpywareBlaster
2008-10-24 17:46:35 ----D---- C:\Program Files\SpywareGuard
2008-10-24 10:26:48 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-23 15:26:06 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-23 14:27:59 ----HD---- C:\WINDOWS\INF
2008-10-23 14:27:49 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-10-23 14:26:51 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-20 12:04:19 ----D---- C:\downloads
2008-10-18 11:42:06 ----D---- C:\Program Files\SUPERAntiSpyware
2008-10-17 23:55:27 ----RD---- C:\Program Files\Common Files
2008-10-16 03:51:24 ----A---- C:\WINDOWS\imsins.BAK
2008-10-16 03:47:46 ----D---- C:\Program Files\Internet Explorer
2008-10-16 03:46:59 ----D---- C:\WINDOWS\ie7updates
2008-10-16 03:21:13 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-15 12:17:58 ----SHD---- C:\WINDOWS\CSC
2008-10-15 10:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-13 14:15:29 ----D---- C:\Program Files\XoftSpySE
2008-10-10 13:25:54 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-10 10:36:06 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-10 09:05:06 ----D---- C:\Program Files\Plaxo
2008-10-09 23:44:41 ----AC---- C:\WINDOWS\ActiveAct.INI
2008-10-09 13:00:50 ----A---- C:\WINDOWS\ModemLog_Agere Win Modem.txt
2008-10-09 12:42:21 ----D---- C:\Program Files\ACT
2008-10-09 12:15:08 ----D---- C:\Documents and Settings\Sandra Miller\Application Data\Identities
2008-10-07 12:19:42 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-03 11:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-27 03:02:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-27 02:55:48 ----D---- C:\WINDOWS\system32\Setup
2008-09-27 02:55:48 ----D---- C:\WINDOWS\ime
2008-09-27 02:55:47 ----D---- C:\WINDOWS\system32\wbem
2008-09-27 02:55:47 ----D---- C:\WINDOWS\AppPatch
2008-09-27 02:55:45 ----RSD---- C:\WINDOWS\FONTS
2008-09-27 00:52:47 ----RD---- C:\Program Files\Messenger
2008-09-27 00:51:54 ----D---- C:\WINDOWS\security
2008-09-27 00:26:05 ----D---- C:\WINDOWS\WinSxS
2008-09-27 00:25:06 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-27 00:24:01 ----D---- C:\WINDOWS\system32\inetsrv
2008-09-27 00:24:00 ----D---- C:\WINDOWS\network diagnostic
2008-09-27 00:23:57 ----D---- C:\WINDOWS\HELP
2008-09-27 00:22:35 ----D---- C:\WINDOWS\system32\usmt
2008-09-27 00:22:35 ----D---- C:\WINDOWS\system32\en-US
2008-09-27 00:22:09 ----D---- C:\WINDOWS\system32\bits
2008-09-27 00:22:09 ----D---- C:\WINDOWS\peernet
2008-09-27 00:22:08 ----RD---- C:\Program Files\Movie Maker
2008-09-27 00:05:02 ----D---- C:\WINDOWS\system32\Restore
2008-09-27 00:05:02 ----D---- C:\WINDOWS\system32\npp
2008-09-27 00:05:01 ----D---- C:\WINDOWS\mui
2008-09-27 00:04:55 ----D---- C:\WINDOWS\MSAGENT
2008-09-27 00:04:50 ----D---- C:\WINDOWS\srchasst
2008-09-27 00:04:40 ----RD---- C:\Program Files\NetMeeting
2008-09-27 00:04:33 ----D---- C:\WINDOWS\system32\Com
2008-09-27 00:04:22 ----RD---- C:\Program Files\Windows Media Player
2008-09-27 00:04:19 ----RD---- C:\Program Files\Outlook Express
2008-09-27 00:04:07 ----D---- C:\Program Files\Common Files\SYSTEM
2008-09-27 00:00:58 ----D---- C:\WINDOWS\system32\oobe
2008-09-27 00:00:51 ----D---- C:\WINDOWS\SYSTEM
2008-09-26 23:41:31 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-26 23:38:57 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-26 23:24:31 ----D---- C:\WINDOWS\EHome

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\System32\DRIVERS\DcCam.sys [2002-09-04 34938]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 moufiltr;Mouse Filter Driver; C:\WINDOWS\system32\drivers\moufiltr.sys [2004-04-06 8448]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 CdaD10BA;CdaD10BA; \??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS []
R2 DCFS2K;DCFS2K; C:\WINDOWS\system32\drivers\dcfs2k.sys [2002-02-28 36885]
R2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2005-11-30 41984]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys [2003-12-11 51582]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-12-11 70894]
R3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-12-12 652689]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2006-01-14 28256]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2002-08-29 84480]
S1 Exportit;Exportit; C:\WINDOWS\System32\DRIVERS\exportit.sys [2002-09-04 131509]
S3 BDFsDrv;BDFsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []
S3 BDRsDrv;BDRsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys []
S3 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys []
S3 DcFpoint;DcFpoint; C:\WINDOWS\System32\DRIVERS\DcFpoint.sys [2002-02-28 61568]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\System32\DRIVERS\DcLps.sys [2002-02-28 8058]
S3 DcPTP;dcptp; C:\WINDOWS\System32\DRIVERS\DcPTP.sys [2002-02-28 55866]
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 DrvFltIp;DrvFltIp; \??\C:\Program Files\MRBDG\DrvFltIp.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 Profos;Profos; \??\C:\Program Files\Softwin\BitDefender10\profos.sys []
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20041209.018\symidsco.sys []
S3 Trufos;Trufos; \??\C:\Program Files\Softwin\BitDefender10\trufos.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 UsbFltr;WayTech USB Filter Driver; C:\WINDOWS\System32\Drivers\UsbFltr.sys [2004-05-13 12416]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-09-22 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 Dcfssvc;Dcfssvc; C:\WINDOWS\system32\drivers\dcfssvc.exe [2002-02-28 188987]
R2 MSSQL$ACT7;MSSQL$ACT7; C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe [2003-05-31 7544916]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-22 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe [2008-07-09 75304]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 SQLAgent$ACT7;SQLAgent$ACT7; C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE [2002-12-17 311872]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-10-25 10:18:10

======Uninstall list======

-->C:\PROGRA~1\TELUSE~1\Uninstall.exe TELUS
-->MsiExec.exe /X{2642BE09-1F9F-4E18-AAD4-0258B9BCE611}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
CD Viewer-->"C:\Program Files\Storefront.com\CD VIEWER\unins000.exe"
Club Player Casino-->"C:\Program Files\Club Player Casino\Install.exe" -u
Forms on CD-->C:\WINDOWS\iun6002.exe "C:\Program Files\Computer Protection Software\irunin.ini"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Driver Diagnostics-->MsiExec.exe /I{16BE87BC-69F5-4D36-8CF0-E1CB3ACD5ED3}
hp instant support-->C:\PROGRA~1\HEWLET~1\AiO\HPis\Uninstall.exe CeS
HP OfficeJet G Series-->"C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\Uninstall\hpourn07.exe" /Path="C:\Program Files\Hewlett-Packard\HP OfficeJet G Series" /Uninstall="HP OfficeJet G Series"
hp officejet g series-->C:\WINDOWS\system32\hpocon09.exe /u 1191724378 /d "hp officejet g series"
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kodak EasyShare software-->MsiExec.exe /I{11DB853A-6966-4724-BEAD-793C48AC8C54}
Logitech MouseWare 9.80 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Malwarebytes' RogueRemover-->"C:\Program Files\RogueRemover FREE\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Publisher 2002-->MsiExec.exe /I{90190409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
Paltalk Messenger-->C:\WINDOWS\iun6002.exe "C:\Program Files\Paltalk Messenger\irunin.ini"
QuarkXPress 5.0-->MsiExec.exe /I{A7BF5269-3E74-11D5-B00F-00104B398D77}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
TELUS eCare Plugin-->C:\PROGRA~1\TELUSE~1\SMARTC~1\UNWISE.EXE C:\PROGRA~1\TELUSE~1\SMARTC~1\INSTALL.LOG
TELUS eCare-->C:\WINDOWS\Motive\TELUS\MCCUninst.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery-->MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Writer-->MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPatrol 2008-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
XoftSpySE-->C:\Program Files\XoftSpySE\uninstall.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

=====HijackThis Backups=====

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Bejeweled%202/Images/armhelper.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F7A11C3-E76A-4E31-8BC2-D85744CF4B8F}: NameServer = 75.154.132.68,75.154.132.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F7A11C3-E76A-4E31-8BC2-D85744CF4B8F}: NameServer = 75.154.132.68,75.154.132.100
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\TELUSE~1\SMARTB~1\MotiveSB.exe

======Hosts File======

127.0.0.1 localhost
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 www.abx4.com #[Adware.ABXToolbar]
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1 www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net
127.0.0.1 c.abnad.net #[eTrust.Tracking.Cookie]

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 081025-0]
FW: ZoneAlarm Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 4 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0402
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"tvdumpflags"=8

-----------------EOF-----------------

thanks,
Sandra
godivarides
Regular Member
 
Posts: 29
Joined: June 24th, 2008, 5:34 pm

Re: Very slow FF & email - SpywareTerminator - Joke.Infect

Unread postby Rodav » October 25th, 2008, 4:23 pm

Hello Sandra,

I would remove XoftSpy also; it was once considered a rogue application. Your logs are clean, but I think we found the root of your issues:
Total RAM: 255 MB (9% free)

It's recommended to run XP with at least 512 MB of RAM; anything less and you are going to have serious issues with slowness, particularly with any resource-intensive programs. Here is another article about slow computers which might be of help to you: http://users.telenet.be/bluepatchy/miek ... puter.html

Step 1:
  1. Download ERUNT from here
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  2. Install ERUNT by double clicking it and then following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option at a later date)
  3. Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  4. Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  5. Make sure that at least the first two check boxes are ticked, which are System registry and Current user registry.
  6. Press OK
  7. Press YES to create the folder.


Step 2:
Download OTMoveIt3 by Old Timer and save it to your Desktop.
  • Double-click OTMoveIt3.exe.
  • Copy the lines in the codebox below.
Code:
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{73F7F495-A325-4C52-BE48-5F97FA511E89}"=-
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=-
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\uTorrent\uTorrent.exe"=-

:commands
[emptytemp]
[reboot]

  • Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3


Step 3:
If your computer has not done so, please reboot after step 2, then run RSIT.exe by double clicking it and post the following:
  • The OTMoveit3 log
  • The new RSIT log
Also let me know how your computer is running.
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.
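
The Browser Helper Object and toolbar entries removed by the script in the post above are the ones that appear in the RSIT registry dump with an empty `[]` where other entries carry a date and size, and the `SecurityProviders` value it rewrites ends in a stray comma in the dump. The sketch below is an added example, not part of the original posts and not code from RSIT or OTMoveIt3; it assumes that `[]` means RSIT recorded no file data for that path, and the function name `audit` and the finding labels are hypothetical. The sample is an excerpt of the log lines posted earlier in the thread.

```python
import re

# Excerpt of the RSIT "Registry dump" section posted earlier in the thread.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{73F7F495-A325-4C52-BE48-5F97FA511E89} - SiteHound - C:\Program Files\FireTrust\SiteHound\SiteHound.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-04-25 333120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
[]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]
"""

# A section header is a bracketed registry key; a bare "[]" line is not a header.
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# Entries end in "[YYYY-MM-DD size]"; assumption: "[]" means no file data was recorded.
STAMP_RE = re.compile(r"^(?P<body>.*?)\s*\[(?P<stamp>[^\[\]]*)\]$")
# First drive-letter path in the entry body, whatever label precedes it.
PATH_RE = re.compile(r"[A-Za-z]:\\.+$")
# "name"=data lines that carry no file stamp (policy values, provider lists).
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')


def audit(dump):
    """Return (kind, registry_key, detail) tuples for entries worth a manual look."""
    findings = []
    key = None
    for raw in dump.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = KEY_RE.match(line)
        if header:
            key = header.group(1)
            continue
        if key is None:
            continue  # text before the first key header
        stamped = STAMP_RE.match(line)
        if stamped:
            path = PATH_RE.search(stamped.group("body"))
            # Flag only when a path is named but no date/size follows it.
            if path and not stamped.group("stamp").strip():
                findings.append(("no-file-data", key, path.group(0)))
            continue
        value = VALUE_RE.match(line)
        if value and value.group("data").rstrip().endswith(","):
            # A list value ending in a comma has an empty trailing element.
            findings.append(("trailing-comma", key, value.group("name")))
    return findings


if __name__ == "__main__":
    for kind, reg_key, detail in audit(SAMPLE):
        print(f"{kind:15} {detail}\n{'':15} {reg_key}")
```

An empty `[]` is a prompt to check the path by hand rather than proof the file is gone: the running SUPERAntiSpyware drivers listed with a `\??\` prefix in the same log also show `[]`.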

Re: Very slow FF & email - SpywareTerminator - Joke.Infect

Unread postby godivarides » October 25th, 2008, 8:12 pm

Hi

I've run the OT Moveit w/your insertion, system rebooted automatically.
Ran RSIT next and its log follows this.

========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C86AE9C0-0909-4DDC-B661-C1AFB9F5AE53}\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{73F7F495-A325-4C52-BE48-5F97FA511E89} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73F7F495-A325-4C52-BE48-5F97FA511E89}\ not found.
Registry value HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\\SecurityProviders deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\\"SecurityProviders"|"msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver\\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard\\ not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\uTorrent\uTorrent.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\SANDRA~1\LOCALS~1\Temp\etilqs_MvsQsIIrBFjmWn2wGAch scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\SANDRA~1\LOCALS~1\Temp\fla35.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\SANDRA~1\LOCALS~1\Temp\fla3A.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4c8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6ac.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Sandra Miller\Local Settings\Application Data\Mozilla\Firefox\Profiles\b8qg6siw.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sandra Miller\Local Settings\Application Data\Mozilla\Firefox\Profiles\b8qg6siw.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sandra Miller\Local Settings\Application Data\Mozilla\Firefox\Profiles\b8qg6siw.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sandra Miller\Local Settings\Application Data\Mozilla\Firefox\Profiles\b8qg6siw.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sandra Miller\Local Settings\Application Data\Mozilla\Firefox\Profiles\b8qg6siw.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Sandra Miller\Local Settings\Application Data\Mozilla\Firefox\Profiles\b8qg6siw.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10252008_172033

Files moved on Reboot...
File C:\DOCUME~1\SANDRA~1\LOCALS~1\Temp\etilqs_MvsQsIIrBFjmWn2wGAch not found!
File C:\DOCUME~1\SANDRA~1\LOCALS~1\Temp\fla35.tmp not found!
File C:\DOCUME~1\SANDRA~1\LOCALS~1\Temp\fla3A.tmp not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_4c8.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_6ac.dat not found!
C:\Documents and Settings\Sandra Miller\Local Settings\Application Data\Mozilla\Firefox\Profiles\b8qg6siw.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Sandra Miller\Local Settings\Application Data\Mozilla\Firefox\Profiles\b8qg6siw.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Sandra Miller\Local Settings\Application Data\Mozilla\Firefox\Profiles\b8qg6siw.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Sandra Miller\Local Settings\Application Data\Mozilla\Firefox\Profiles\b8qg6siw.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Sandra Miller\Local Settings\Application Data\Mozilla\Firefox\Profiles\b8qg6siw.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Sandra Miller\Local Settings\Application Data\Mozilla\Firefox\Profiles\b8qg6siw.default\XUL.mfl moved successfully.

**************************************

Logfile of random's system information tool 1.04 (written by random/random)
Run by Sandra Miller at 2008-10-25 17:55:28
Microsoft Windows XP Professional Service Pack 3
System drive C: has 41 GB (53%) free of 78 GB
Total RAM: 255 MB (5% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:58:17 PM, on 25/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Sandra Miller\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Sandra Miller.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telus.net/set_region.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.telus.net/set_region.html
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {11316B13-33F0-4C9F-BD55-09994CCFA8EB} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} (PrinterHelpEtcActiveX Control) - http://dev.imagingworld.co.kr/printerhe ... rinter.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/ins ... csxp2k.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL ... 586-jc.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Registe ... lashax.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F7A11C3-E76A-4E31-8BC2-D85744CF4B8F}: NameServer = 75.154.132.68,75.154.132.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F7A11C3-E76A-4E31-8BC2-D85744CF4B8F}: NameServer = 75.154.132.68,75.154.132.100
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F7A11C3-E76A-4E31-8BC2-D85744CF4B8F}: NameServer = 75.154.132.68,75.154.132.100
O17 - HKLM\System\CS3\Services\Tcpip\..\{0F7A11C3-E76A-4E31-8BC2-D85744CF4B8F}: NameServer = 75.154.132.68,75.154.132.100
O17 - HKLM\System\CS4\Services\Tcpip\..\{0F7A11C3-E76A-4E31-8BC2-D85744CF4B8F}: NameServer = 75.154.132.68,75.154.132.100
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

--
End of file - 7906 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5233FCD-D258-4903-89B8-FB1568E7413D}]
C:\WINDOWS\system32\mscoree.dll [2006-12-22 271360]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-12-11 20992]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-04-25 333120]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-05-28 1506544]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
[]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
"DisableRegedit"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-10-25 17:18:19 ----D---- C:\_OTMoveIt
2008-10-25 17:16:37 ----D---- C:\WINDOWS\ERDNT
2008-10-25 17:15:57 ----D---- C:\Program Files\ERUNT
2008-10-25 16:51:57 ----A---- C:\WINDOWS\erunt-setup.exe
2008-10-25 13:32:46 ----D---- C:\Program Files\EsetOnlineScanner
2008-10-25 10:11:12 ----D---- C:\rsit
2008-10-23 14:27:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-17 23:55:27 ----D---- C:\Program Files\Common Files\Softwin
2008-10-17 16:36:36 ----D---- C:\Program Files\RogueRemover FREE
2008-10-17 16:34:01 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-16 03:51:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-16 03:50:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-16 03:49:31 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-16 03:41:51 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-15 12:13:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-09-28 03:02:18 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-09-27 02:57:47 ----A---- C:\WINDOWS\OEWABLog.txt
2008-09-27 02:57:10 ----D---- C:\WINDOWS\Prefetch
2008-09-27 01:13:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-27 01:11:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-27 01:08:13 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-27 01:04:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-27 00:59:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-27 00:58:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-27 00:57:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-27 00:56:01 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-27 00:55:05 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-27 00:52:43 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-27 00:48:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-27 00:29:43 ----A---- C:\WINDOWS\setuplog.txt
2008-09-27 00:22:28 ----D---- C:\WINDOWS\system32\scripting
2008-09-27 00:22:15 ----D---- C:\WINDOWS\l2schemas
2008-09-27 00:22:11 ----D---- C:\Program Files\msn
2008-09-27 00:22:10 ----D---- C:\WINDOWS\system32\en

======List of files/folders modified in the last 1 months======

2008-10-25 17:57:25 ----D---- C:\WINDOWS\Internet Logs
2008-10-25 17:51:32 ----D---- C:\Program Files\Mozilla Firefox
2008-10-25 17:28:15 ----D---- C:\WINDOWS\TEMP
2008-10-25 17:26:32 ----D---- C:\WINDOWS
2008-10-25 17:23:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-25 17:23:55 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-25 17:15:57 ----AD---- C:\Program Files
2008-10-25 16:50:18 ----D---- C:\Program Files\XoftSpySE
2008-10-25 16:50:15 ----SD---- C:\WINDOWS\TASKS
2008-10-25 13:32:36 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-25 13:32:34 ----D---- C:\WINDOWS\SYSTEM32
2008-10-24 17:50:22 ----SHD---- C:\WINDOWS\Installer
2008-10-24 17:50:21 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-24 17:50:08 ----D---- C:\WINDOWS\system32\DRIVERS
2008-10-24 17:47:09 ----D---- C:\Program Files\SpywareBlaster
2008-10-24 17:46:35 ----D---- C:\Program Files\SpywareGuard
2008-10-23 14:27:59 ----HD---- C:\WINDOWS\INF
2008-10-23 14:27:49 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-10-23 14:26:51 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-20 12:04:19 ----D---- C:\downloads
2008-10-18 11:42:06 ----D---- C:\Program Files\SUPERAntiSpyware
2008-10-17 23:55:27 ----RD---- C:\Program Files\Common Files
2008-10-16 03:51:24 ----A---- C:\WINDOWS\imsins.BAK
2008-10-16 03:47:46 ----D---- C:\Program Files\Internet Explorer
2008-10-16 03:46:59 ----D---- C:\WINDOWS\ie7updates
2008-10-16 03:21:13 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-15 12:17:58 ----SHD---- C:\WINDOWS\CSC
2008-10-15 10:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-10 13:25:54 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-10 10:36:06 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-10 09:05:06 ----D---- C:\Program Files\Plaxo
2008-10-09 23:44:41 ----AC---- C:\WINDOWS\ActiveAct.INI
2008-10-09 13:00:50 ----A---- C:\WINDOWS\ModemLog_Agere Win Modem.txt
2008-10-09 12:42:21 ----D---- C:\Program Files\ACT
2008-10-09 12:15:08 ----D---- C:\Documents and Settings\Sandra Miller\Application Data\Identities
2008-10-07 12:19:42 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-03 11:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-27 03:02:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-09-27 02:55:48 ----D---- C:\WINDOWS\system32\Setup
2008-09-27 02:55:48 ----D---- C:\WINDOWS\ime
2008-09-27 02:55:47 ----D---- C:\WINDOWS\system32\wbem
2008-09-27 02:55:47 ----D---- C:\WINDOWS\AppPatch
2008-09-27 02:55:45 ----RSD---- C:\WINDOWS\FONTS
2008-09-27 00:52:47 ----RD---- C:\Program Files\Messenger
2008-09-27 00:51:54 ----D---- C:\WINDOWS\security
2008-09-27 00:26:05 ----D---- C:\WINDOWS\WinSxS
2008-09-27 00:25:06 ----D---- C:\WINDOWS\ServicePackFiles
2008-09-27 00:24:01 ----D---- C:\WINDOWS\system32\inetsrv
2008-09-27 00:24:00 ----D---- C:\WINDOWS\network diagnostic
2008-09-27 00:23:57 ----D---- C:\WINDOWS\HELP
2008-09-27 00:22:35 ----D---- C:\WINDOWS\system32\usmt
2008-09-27 00:22:35 ----D---- C:\WINDOWS\system32\en-US
2008-09-27 00:22:09 ----D---- C:\WINDOWS\system32\bits
2008-09-27 00:22:09 ----D---- C:\WINDOWS\peernet
2008-09-27 00:22:08 ----RD---- C:\Program Files\Movie Maker
2008-09-27 00:05:02 ----D---- C:\WINDOWS\system32\Restore
2008-09-27 00:05:02 ----D---- C:\WINDOWS\system32\npp
2008-09-27 00:05:01 ----D---- C:\WINDOWS\mui
2008-09-27 00:04:55 ----D---- C:\WINDOWS\MSAGENT
2008-09-27 00:04:50 ----D---- C:\WINDOWS\srchasst
2008-09-27 00:04:40 ----RD---- C:\Program Files\NetMeeting
2008-09-27 00:04:33 ----D---- C:\WINDOWS\system32\Com
2008-09-27 00:04:22 ----RD---- C:\Program Files\Windows Media Player
2008-09-27 00:04:19 ----RD---- C:\Program Files\Outlook Express
2008-09-27 00:04:07 ----D---- C:\Program Files\Common Files\SYSTEM
2008-09-27 00:00:58 ----D---- C:\WINDOWS\system32\oobe
2008-09-27 00:00:51 ----D---- C:\WINDOWS\SYSTEM
2008-09-26 23:41:31 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-09-26 23:38:57 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-09-26 23:24:31 ----D---- C:\WINDOWS\EHome

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-07-19 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-07-19 42912]
R1 DcCam;Kodak Camera Proxy; C:\WINDOWS\System32\DRIVERS\DcCam.sys [2002-09-04 34938]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 moufiltr;Mouse Filter Driver; C:\WINDOWS\system32\drivers\moufiltr.sys [2004-04-06 8448]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2008-07-09 394952]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-07-19 94416]
R2 CdaD10BA;CdaD10BA; \??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS []
R2 DCFS2K;DCFS2K; C:\WINDOWS\system32\drivers\dcfs2k.sys [2002-02-28 36885]
R2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2005-11-30 41984]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-07-19 23152]
R3 L8042pr2;Logitech PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys [2003-12-11 51582]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-12-11 70894]
R3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-12-12 652689]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2006-01-14 28256]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2002-08-29 84480]
S1 Exportit;Exportit; C:\WINDOWS\System32\DRIVERS\exportit.sys [2002-09-04 131509]
S3 BDFsDrv;BDFsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []
S3 BDRsDrv;BDRsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys []
S3 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys []
S3 DcFpoint;DcFpoint; C:\WINDOWS\System32\DRIVERS\DcFpoint.sys [2002-02-28 61568]
S3 DcLps;Legacy Polling Service; C:\WINDOWS\System32\DRIVERS\DcLps.sys [2002-02-28 8058]
S3 DcPTP;dcptp; C:\WINDOWS\System32\DRIVERS\DcPTP.sys [2002-02-28 55866]
S3 dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-08-17 23808]
S3 DrvFltIp;DrvFltIp; \??\C:\Program Files\MRBDG\DrvFltIp.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 Profos;Profos; \??\C:\Program Files\Softwin\BitDefender10\profos.sys []
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20041209.018\symidsco.sys []
S3 Trufos;Trufos; \??\C:\Program Files\Softwin\BitDefender10\trufos.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 UsbFltr;WayTech USB Filter Driver; C:\WINDOWS\System32\Drivers\UsbFltr.sys [2004-05-13 12416]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-09-22 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 Dcfssvc;Dcfssvc; C:\WINDOWS\system32\drivers\dcfssvc.exe [2002-02-28 188987]
R2 MSSQL$ACT7;MSSQL$ACT7; C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe [2003-05-31 7544916]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-22 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe [2008-07-09 75304]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 SQLAgent$ACT7;SQLAgent$ACT7; C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE [2002-12-17 311872]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

Seems a little better - but your noticing I have only 256 mg of RAM seems wrong, I'm certain I bought more than the standard package. Nonetheless, it has progressively become slower, but I'm running games, music, movies etc. If there are no viruses etc, what else could cause a slowdown? I recently changed my power supply, could I have knocked out or loosened something?

thank you for the help!
Sandra

BTW, I removed Xoftspy as you advised.
godivarides
Regular Member
 
Posts: 29
Joined: June 24th, 2008, 5:34 pm

Re: Very slow FF & email - SpywareTerminator - Joke.Infect

Post by Rodav » October 26th, 2008, 12:35 pm

Hi Sandra,

If you click Start, then right click My Computer and select properties, you will see near the bottom how much RAM is installed. It may well be that a stick of RAM got loose. With a slow computer it could be many things, we can be fairly certain it's not malware in your case. It's often a hardware issue combined with running programs that are resource intensive such as some games and other programs. There are some tests you could try that may help such as memtest86: http://www.memtest.org/ which checks for RAM errors or http://www.pcpitstop.com/ have a more general one and also dedicated tech support forums.

We can try to remove some of the excess programs and services that are running, it might help a little bit. Check your RAM though, if you do decide to open up your computer make sure you are earthed before touching anything inside to avoid static electricity. Let me know how you get on.
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Very slow FF & email - SpywareTerminator - Joke.Infect

Post by godivarides » October 26th, 2008, 2:09 pm

Hi

I checked the ram it does state 256 mg - but I'm pretty sure I upgraded this. My files are packed away but I will check into buying more if it is available for this aged system ... HP Pavilion7950.

Memtest, but it only runs from an external disc and I don't have any blank ones currently.

PC Pitstop detailed:
25 settings to optimize Windows, IE & FF
198 junk files, temp & internet cache (which I thought I cleared yesterday)
819 incorrect or unneeded registry entries, failed program installations, obsolete windows cache data or missing files.

This only provides a summary, is there a similar freeware program?

And anything else I can do in the meantime to facilitate a faster processing?

thanks!
Sandra
godivarides
Regular Member
 
Posts: 29
Joined: June 24th, 2008, 5:34 pm

Re: Very slow FF & email - SpywareTerminator - Joke.Infect

Post by Rodav » October 26th, 2008, 6:32 pm

You can ask about your pcpitstop results at http://forums.pcpitstop.com/ I'm not sure about other tests, pcpitstop have good tech support forums who may be able to help with your speed issues but the crux is lack of RAM. Check some hasn't got loose, if you were sold more RAM but only got 256 MB now would be a good time to find out. We can remove some unnecessary services and startup entries which may help slightly. I will stop SuperAntiSpyware from starting each time automatically.

Step 1:
  1. Please download RegASSASSIN and save it to your desktop. Do not run it directly from your browser.
  2. Right click on RegASSASSIN.exe and select Run as Administrator to run it.
  3. Copy and paste this in:
    Code:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_KLIF
  4. Click on Delete.
  5. Answer Yes to any prompts.
Repeat the process for each of the following:
Code:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_KLIF
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_KLIF
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BDFsDrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BDFsDrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BDFsDrv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_BDRsDrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_BDRsDrv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_BDRsDrv



Step 2:
  • Double-click OTMoveIt3.exe.
  • Copy the lines in the codebox below.
Code:
:files
C:\WINDOWS\system32\DRIVERS\klif.sys
C:\Program Files\Softwin\BitDefender10

:reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KLIF]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KLIF]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\KLIF]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BDFsDrv]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BDFsDrv]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BDFsDrv]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BDRsDrv]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BDRsDrv]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BDRsDrv]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=-

:commands
[emptytemp]
[reboot]

  • Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTMoveIt3


Step 3:
Run RSIT.exe by double clicking it and post the following:
  • The OTMoveit3 log
  • The new RSIT log
Also let me know how your computer is running.
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.
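A dry-run reading of the Step 2 script, added here as an example; it is not part of the original post and is not OTMoveIt3's own code. It lists what the script asks for and shows which control sets each driver's Services key is removed from. It assumes the :reg section follows .reg-file conventions (`[-key]` deletes a key, `"name"=-` deletes a value); `plan` and `control_sets_by_service` are hypothetical helper names.

```python
import re
# Step 2 script as posted above (blank lines dropped).
SCRIPT = r"""
:files
C:\WINDOWS\system32\DRIVERS\klif.sys
C:\Program Files\Softwin\BitDefender10
:reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KLIF]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KLIF]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\KLIF]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BDFsDrv]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BDFsDrv]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BDFsDrv]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BDRsDrv]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BDRsDrv]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BDRsDrv]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=-
:commands
[emptytemp]
[reboot]
"""

def plan(script):
    """Dry run: list what a script requests. Assumes .reg-style :reg lines."""
    out = {"move": [], "delete_key": [], "delete_value": [], "command": []}
    section = key = None
    for line in filter(None, map(str.strip, script.splitlines())):
        if line.startswith(":"):
            section, key = line[1:].lower(), None
        elif section == "files":
            out["move"].append(line)
        elif section == "commands":
            out["command"].append(line.strip("[]"))
        elif section == "reg" and line.startswith("[-"):
            out["delete_key"].append(line[2:-1])
        elif section == "reg" and line.startswith("["):
            key = line[1:-1]
        elif section == "reg" and key and (m := re.fullmatch(r'"(.+)"=-', line)):
            out["delete_value"].append((key, m.group(1)))
    return out

def control_sets_by_service(keys):
    """Map each service name to the control sets whose key is deleted."""
    seen = {}
    for k in keys:
        if m := re.search(r"\\SYSTEM\\(\w+)\\Services\\(\w+)$", k):
            seen.setdefault(m.group(2), set()).add(m.group(1))
    return seen
```

Calling `plan(SCRIPT)` before pasting a script like this shows every file, key and value it will touch, so anything unexpected can be queried with the helper first.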

Re: Very slow FF & email - SpywareTerminator - Joke.Infect

Unread postby godivarides » October 26th, 2008, 7:21 pm

Hi

Downloaded RegAssassin to desktop, right-clicked to open NO ACCESS, then right-clicked and RUN - set Administrator - NO PASSWORD - NO ACCESS

Did I do something wrong?

I didn't run the other 2 steps as I understood them to hinge upon the first one.

Sandra

btw, the extra RAM I believe I purchased was at least a few years ago, which is why I'm uncertain where the bill is.
godivarides
Regular Member
 
Posts: 29
Joined: June 24th, 2008, 5:34 pm

Re: Very slow FF & email - SpywareTerminator - Joke.Infect

Unread postby Rodav » October 27th, 2008, 6:11 am

Sorry about the Run as Administrator part, it's for Vista. Just double-click RegASSASSIN to run it and continue with the rest of the steps.
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.