Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

very slow machine and slow internet speed

Post by whitlog » July 24th, 2008, 1:03 pm

hello

My machine is very, very slow. Java seems to be playing up as well, as it keeps saying I need to update, but I have tried to do this. Also, my internet speed is very slow, and after seeking advice and help on the phone with my internet provider and them checking their end, they also said I could have a virus or maybe spyware etc. in my PC affecting my internet speed.

below is my hijack log

thanks :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:59:46, on 24/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\System32\svchost.exe
C:\Updater.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\UoL\MotD\MCHtml.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\{1806DF05-E364-443D-974F-6EF1BDACF88C}\setup.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Steganos Password Manager AutoFill - {1427A821-7B93-4F08-9A34-9FA03A3D93DB} - C:\Program Files\Steganos Security Suite 2007\PasswordManagerBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Message of the Day] C:\Program Files\UoL\MotD\MOTD2000.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.co.uk/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
whitlog
Regular Member
 
Posts: 36
Joined: March 24th, 2008, 5:10 pm

Re: very slow machine and slow internet speed

Post by ndmmxiaomayi » July 27th, 2008, 9:21 am

Hello,

Step 1

Please go to Virus Total or Jotti and upload C:\Updater.exe for scanning.

For Virus Total

  1. Please copy and paste C:\Updater.exe in the text box next to the Browse button.
  2. Click on Send File.

For Jotti

  1. Please copy and paste C:\Updater.exe in the text box next to the Browse button.
  2. Click on Submit.

Step 2

  1. Please download Deckard's System Scanner from Tech Support Forum and save it to your desktop. Note: You must be logged onto an account with administrator privileges.
  2. Save all your work and close all opened programs.
  3. Double click on dss.exe to run it. Follow the prompts.
  4. When the scan is complete, two log files will be produced. The first one, main.txt, will be maximized, the second one, extra.txt, will be minimized.
  5. Please post the contents of the 2 log files in your next reply. 1 log per reply please.

In your next reply, please post:

  1. The 2 Deckard's System Scanner reports
  2. The scan results of C:\updater.exe
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: very slow machine and slow internet speed

Post by whitlog » July 27th, 2008, 10:08 am

Hello, first off, thanks for your help. I will post the logs in different replies :)

First off, the C:\Updater.exe log

Antivirus Version Last Update Result
AhnLab-V3 2008.7.26.0 2008.07.27 -
AntiVir 7.8.1.12 2008.07.26 -
Authentium 5.1.0.4 2008.07.27 -
Avast 4.8.1195.0 2008.07.26 -
AVG 8.0.0.130 2008.07.26 -
BitDefender 7.2 2008.07.27 -
CAT-QuickHeal 9.50 2008.07.25 -
ClamAV 0.93.1 2008.07.27 -
DrWeb 4.44.0.09170 2008.07.27 -
eSafe 7.0.17.0 2008.07.27 -
eTrust-Vet 31.6.5983 2008.07.26 -
Ewido 4.0 2008.07.27 -
F-Prot 4.4.4.56 2008.07.26 -
F-Secure 7.60.13501.0 2008.07.27 -
Fortinet 3.14.0.0 2008.07.26 -
GData 2.0.7306.1023 2008.07.27 -
Ikarus T3.1.1.34.0 2008.07.27 -
Kaspersky 7.0.0.125 2008.07.27 -
McAfee 5347 2008.07.25 -
Microsoft 1.3704 2008.07.27 -
NOD32v2 3301 2008.07.27 -
Norman 5.80.02 2008.07.25 -
Panda 9.0.0.4 2008.07.27 -
PCTools 4.4.2.0 2008.07.27 -
Prevx1 V2 2008.07.27 -
Rising 20.54.61.00 2008.07.27 -
Sophos 4.31.0 2008.07.27 -
Sunbelt 3.1.1536.1 2008.07.25 -
Symantec 10 2008.07.27 -
TheHacker 6.2.96.389 2008.07.25 -
TrendMicro 8.700.0.1004 2008.07.26 -
VBA32 3.12.8.1 2008.07.27 -
ViRobot 2008.7.26.1311 2008.07.26 -
VirusBuster 4.5.11.0 2008.07.26 -
Webwasher-Gateway 6.6.2 2008.07.27 -


File size: 212992 bytes
MD5...: 50d1955bca8825da78fc00f62fbb2b1d
SHA1..: fed45a6f55043a80df063122ad683aa2dfb13066
SHA256: 61e45b3b7b74f327c918a6834a9b535b4f00d0dd2df0f2b04f82b07bf197c42f
SHA512: 4872543c37386ed81987a7c5ee34d55cb093b6549a8221116b8e9e8129238dcd
795d19e8c297b0ed09736c345a1430fd38bad3eb69dd9f9b3ec113199158b200
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x416ae8
timedatestamp.....: 0x40e48014 (Thu Jul 01 21:20:20 2004)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1883a 0x19000 6.29 3fa575f95a67d11c40bdb9f71bd588d1
.rdata 0x1a000 0x802c 0x9000 4.72 51ee4690f6f516855a2f7c0541b2ce98
.data 0x23000 0x5c0 0x1000 1.90 fdd1dd8c066fff2be9066219365945aa
.rsrc 0x24000 0xf6e0 0x10000 4.81 6a1d022d51e9cf609791f096e89244ee

( 13 imports )
> LIBEXPATW.dll: -, -, -, -, -, -, -, -, -, -
> WININET.dll: InternetQueryOptionA, InternetCloseHandle, HttpOpenRequestA, InternetConnectA, InternetSetOptionA, InternetOpenA, InternetCrackUrlA, HttpQueryInfoA, HttpSendRequestA, InternetQueryDataAvailable, InternetReadFile, InternetGetConnectedState
> COMCTL32.dll: -
> boost_thread.dll: __0lock_error@boost@@QAE@XZ, _do_lock@recursive_mutex@boost@@AAEXXZ, _do_unlock@recursive_mutex@boost@@AAEXXZ, __0mutex@boost@@QAE@XZ, __1mutex@boost@@QAE@XZ, __1thread@boost@@QAE@XZ, _join@thread@boost@@QAEXXZ, __0lock_error@boost@@QAE@ABV01@@Z, _do_unlock@mutex@boost@@AAEXXZ, _do_lock@mutex@boost@@AAEXXZ, __1recursive_mutex@boost@@QAE@XZ, __0recursive_mutex@boost@@QAE@XZ, __0thread@boost@@QAE@ABV_$function0@XV_$allocator@Vfunction_base@boost@@@std@@@1@@Z, __1lock_error@boost@@UAE@XZ
> SHFOLDER.dll: SHGetFolderPathW
> KERNEL32.dll: GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, ExitProcess, FindClose, WaitForSingleObject, GetSystemTimeAsFileTime, GetCurrentProcessId, GetSystemDirectoryA, Sleep, InterlockedExchange, CloseHandle, GetLastError, FreeLibrary, CompareStringA, GetModuleHandleA, GetModuleFileNameA, GetWindowsDirectoryA, SetLastError, LoadLibraryA
> USER32.dll: TrackMouseEvent, EndDialog, IsWindow, EndPaint, FillRect, GetClientRect, GetDlgItem, PtInRect, SetCursor, SetWindowRgn, IsWindowVisible, InvalidateRect, UpdateWindow, ShowWindow, MoveWindow, AnimateWindow, GetSystemMetrics, TranslateMessage, SetRect, ClientToScreen, GetWindowRect, BeginPaint, PostQuitMessage, SetTimer, KillTimer
> GDI32.dll: SetBkMode, SelectObject, GetStockObject, DeleteObject, CreateCompatibleDC, BitBlt, DeleteDC, CreateRectRgn, SetTextColor, SetBkColor
> ole32.dll: CoCreateGuid
> MSVCR71.dll: _amsg_exit, __wgetmainargs, _wcmdln, exit, _cexit, _XcptFilter, _exit, _c_exit, _onexit, __dllonexit, __1type_info@@UAE@XZ, _controlfp, _terminate@@YAXXZ, __security_error_handler, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _purecall, __1exception@@UAE@XZ, __0exception@@QAE@XZ, __CxxFrameHandler, __3@YAXPAX@Z, __0exception@@QAE@ABV0@@Z, _what@exception@@UBEPBDXZ, __0bad_cast@@QAE@PBD@Z, __1bad_cast@@UAE@XZ, __0bad_cast@@QAE@ABV0@@Z, _CxxThrowException, ___V@YAXPAX@Z, __8type_info@@QBEHABV0@@Z, wcsncpy, _wcreat, _waccess, memmove, _itow, _assert, fclose, fread, rewind, ftell, fseek, _wfopen, fopen, fwrite, malloc, _callnewh, _initterm
> ADVAPI32.dll: RegCloseKey
> SHELL32.dll: SHAppBarMessage

( 0 exports )
whitlog
Regular Member
 
Posts: 36
Joined: March 24th, 2008, 5:10 pm

Re: very slow machine and slow internet speed

Post by whitlog » July 27th, 2008, 10:10 am

next the Main log

Deckard's System Scanner v20071014.68
Run by Admin on 2008-07-27 14:52:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
63: 2008-07-27 13:52:24 UTC - RP788 - Deckard's System Scanner Restore Point
62: 2008-07-26 20:37:01 UTC - RP787 - Removed PC Connectivity Solution
61: 2008-07-26 11:00:43 UTC - RP786 - Software Distribution Service 3.0
60: 2008-07-26 08:35:38 UTC - RP785 - Software Distribution Service 3.0
59: 2008-07-26 08:30:48 UTC - RP784 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-06-27 17:54:47 UTC - RP726 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Admin.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:53:57, on 27/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Updater.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1160729953\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\program files\common files\aol\1160729953\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1160729953\ee\aolsoftware.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\VSB1O713\dss[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Message of the Day] C:\Program Files\UoL\MotD\MOTD2000.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1160729953\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.co.uk/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 10636 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.reg - regfile - shell\open\command - unable to read value
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 IFP300 (iriver Internet Audio Player IFP-300) - c:\windows\system32\drivers\ifp300.sys <Not Verified; iRiver, Inc.; IFP-100>
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R3 DNINDIS5 (DNINDIS5 NDIS Protocol Driver) - c:\windows\system32\dnindis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 WPN111 (Wireless USB 2.0 Adapter with RangeMax Service) - c:\windows\system32\drivers\wpn111.sys <Not Verified; NETGEAR, Inc.; NETGEAR WPN111>

S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 PPPoEWin (PPPoEWin Miniport) - c:\windows\system32\drivers\pppoewin.sys (file missing)
S3 tapvpn (TAP VPN Adapter) - c:\windows\system32\drivers\tapvpn.sys <Not Verified; The OpenVPN Project; TAP-Win32 Virtual Network Driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 SvcOnlineArmor (Online Armor) - "c:\program files\tall emu\online armor\oasrv.exe" <Not Verified; Tall Emu; Online Armor Security Suite>
S4 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
S4 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV00DF\4&1A87BEAE&1&01
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller #2
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV00DF\4&1A87BEAE&1&01
Service: NVENETFD


-- Scheduled Tasks -------------------------------------------------------------

2008-07-27 14:50:00 422 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FAC759C1-0052-4326-9F19-25051AD22968}.job
2008-07-27 14:09:00 254 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2008-07-27 14:00:00 350 --a------ C:\WINDOWS\Tasks\At39.job
2008-07-27 14:00:00 350 --a------ C:\WINDOWS\Tasks\At15.job
2008-07-27 13:00:00 350 --a------ C:\WINDOWS\Tasks\At38.job
2008-07-27 13:00:00 350 --a------ C:\WINDOWS\Tasks\At14.job
2008-07-27 12:00:00 350 --a------ C:\WINDOWS\Tasks\At37.job
2008-07-27 12:00:00 350 --a------ C:\WINDOWS\Tasks\At13.job
2008-07-27 11:00:00 350 --a------ C:\WINDOWS\Tasks\At36.job
2008-07-27 11:00:00 350 --a------ C:\WINDOWS\Tasks\At12.job
2008-07-27 10:00:00 350 --a------ C:\WINDOWS\Tasks\At35.job
2008-07-27 10:00:00 350 --a------ C:\WINDOWS\Tasks\At11.job
2008-07-27 09:00:00 350 --a------ C:\WINDOWS\Tasks\At34.job
2008-07-27 09:00:00 350 --a------ C:\WINDOWS\Tasks\At10.job
2008-07-27 08:00:00 350 --a------ C:\WINDOWS\Tasks\At9.job
2008-07-27 08:00:00 350 --a------ C:\WINDOWS\Tasks\At33.job
2008-07-27 07:00:00 350 --a------ C:\WINDOWS\Tasks\At8.job
2008-07-27 07:00:00 350 --a------ C:\WINDOWS\Tasks\At32.job
2008-07-27 06:00:00 350 --a------ C:\WINDOWS\Tasks\At7.job
2008-07-27 06:00:00 350 --a------ C:\WINDOWS\Tasks\At31.job
2008-07-27 05:00:00 350 --a------ C:\WINDOWS\Tasks\At6.job
2008-07-27 05:00:00 350 --a------ C:\WINDOWS\Tasks\At30.job
2008-07-27 04:00:00 350 --a------ C:\WINDOWS\Tasks\At5.job
2008-07-27 04:00:00 350 --a------ C:\WINDOWS\Tasks\At29.job
2008-07-27 03:00:00 350 --a------ C:\WINDOWS\Tasks\At4.job
2008-07-27 03:00:00 350 --a------ C:\WINDOWS\Tasks\At28.job
2008-07-27 02:00:00 350 --a------ C:\WINDOWS\Tasks\At3.job
2008-07-27 02:00:00 350 --a------ C:\WINDOWS\Tasks\At27.job
2008-07-27 01:00:00 350 --a------ C:\WINDOWS\Tasks\At26.job
2008-07-27 01:00:00 350 --a------ C:\WINDOWS\Tasks\At2.job
2008-07-27 00:55:00 350 --a------ C:\WINDOWS\Tasks\At25.job
2008-07-27 00:16:00 350 --a------ C:\WINDOWS\Tasks\At1.job
2008-07-26 23:00:00 350 --a------ C:\WINDOWS\Tasks\At48.job
2008-07-26 23:00:00 350 --a------ C:\WINDOWS\Tasks\At24.job
2008-07-26 22:00:00 350 --a------ C:\WINDOWS\Tasks\At47.job
2008-07-26 22:00:00 350 --a------ C:\WINDOWS\Tasks\At23.job
2008-07-26 21:00:00 350 --a------ C:\WINDOWS\Tasks\At46.job
2008-07-26 21:00:00 350 --a------ C:\WINDOWS\Tasks\At22.job
2008-07-26 20:00:00 350 --a------ C:\WINDOWS\Tasks\At45.job
2008-07-26 20:00:00 350 --a------ C:\WINDOWS\Tasks\At21.job
2008-07-26 19:00:00 350 --a------ C:\WINDOWS\Tasks\At44.job
2008-07-26 19:00:00 350 --a------ C:\WINDOWS\Tasks\At20.job
2008-07-26 18:00:01 350 --a------ C:\WINDOWS\Tasks\At43.job
2008-07-26 18:00:00 350 --a------ C:\WINDOWS\Tasks\At19.job
2008-07-26 17:00:00 350 --a------ C:\WINDOWS\Tasks\At42.job
2008-07-26 17:00:00 350 --a------ C:\WINDOWS\Tasks\At18.job
2008-07-26 16:00:00 350 --a------ C:\WINDOWS\Tasks\At41.job
2008-07-26 16:00:00 350 --a------ C:\WINDOWS\Tasks\At17.job
2008-07-26 15:00:00 350 --a------ C:\WINDOWS\Tasks\At40.job
2008-07-26 15:00:00 350 --a------ C:\WINDOWS\Tasks\At16.job
2008-07-25 17:15:00 390 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job
2008-07-09 14:14:10 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-06-27 and 2008-07-27 -----------------------------

2008-07-27 00:54:42 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-07-27 00:19:01 262144 --a------ C:\Program Files\Uninstall Ask Toolbar.dll <Not Verified; Ask.com; Ask Toolbar for Internet Explorer>
2008-07-26 21:56:38 0 d-------- C:\Program Files\LimeWire
2008-07-26 21:42:08 0 d-------- C:\fsaua.data
2008-07-26 21:24:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-07-26 21:24:54 0 d-------- C:\Documents and Settings\Admin\Application Data\Azureus
2008-07-26 21:24:17 0 d-------- C:\Program Files\Vuze
2008-07-26 12:14:37 0 d-------- C:\Program Files\uTorrent
2008-07-26 09:27:09 0 d-------- C:\WINDOWS\Prefetch
2008-07-25 11:22:38 0 d-------- C:\WINDOWS\system32\scripting
2008-07-25 11:22:38 0 d-------- C:\WINDOWS\system32\bits
2008-07-25 11:22:38 0 d-------- C:\WINDOWS\l2schemas
2008-07-25 11:18:02 0 d-------- C:\WINDOWS\EHome
2008-07-24 18:17:24 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-24 17:59:14 0 d-------- C:\Program Files\Trend Micro
2008-07-24 17:36:15 0 dr-h----- C:\Documents and Settings\Admin\Recent
2008-07-24 13:47:46 0 d-------- C:\Documents and Settings\Admin\Application Data\InstallShield
2008-07-24 13:46:35 0 d-------- C:\Program Files\Internet Cyclone
2008-07-24 13:46:22 0 d-------- C:\Program Files\XP Codec Pack
2008-07-24 13:46:22 0 d-------- C:\Program Files\BinarySense
2008-07-24 13:46:15 0 d-------- C:\Program Files\Common Files\Apple
2008-07-24 09:25:17 0 d-------- C:\Documents and Settings\Admin\Application Data\Opera(2)
2008-07-24 09:25:13 0 d-------- C:\Program Files\Opera(2)
2008-07-24 09:18:00 0 d-------- C:\Kontiki
2008-07-12 21:47:49 1568768 --a------ C:\WINDOWS\system32\imagx7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-07-12 15:01:11 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Macromedia
2008-07-12 15:01:02 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Mozilla
2008-07-12 15:00:36 0 dr------- C:\Documents and Settings\NetworkService\Favorites
2008-07-10 12:30:13 0 d-------- C:\Program Files\The_Pirate_Bay
2008-07-09 16:44:08 0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-07-08 23:46:40 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-07-08 23:46:40 0 d-------- C:\Documents and Settings\Admin\Application Data\Vso
2008-07-08 23:46:40 47360 --a------ C:\Documents and Settings\Admin\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-07-08 23:46:32 0 d-------- C:\Program Files\VSO
2008-07-08 12:20:25 0 d-------- C:\Documents and Settings\Admin\Application Data\uTorrent
2008-07-07 23:55:10 0 d-------- C:\Documents and Settings\Admin\Application Data\LimeWire
2008-07-07 17:30:15 17801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
2008-07-07 17:30:04 147456 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-07-07 17:30:04 651264 --a------ C:\WINDOWS\system32\libeay32.dll
2008-07-07 17:30:04 362944 --a------ C:\WINDOWS\system32\drivers\WPN111.sys <Not Verified; NETGEAR, Inc.; NETGEAR WPN111>
2008-07-07 17:30:04 17149 --a------ C:\WINDOWS\system32\DNINDIS5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-07-07 17:30:04 94208 --a------ C:\WINDOWS\system32\DNIN50.dll <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
2008-07-07 17:30:04 0 d-------- C:\Program Files\NETGEAR


-- Find3M Report ---------------------------------------------------------------

2008-07-27 14:12:21 0 d-------- C:\Documents and Settings\Admin\Application Data\OnlineArmor
2008-07-27 12:37:30 0 d-------- C:\Program Files\Google
2008-07-27 03:36:31 0 d-------- C:\Program Files\RegScrubXP
2008-07-27 00:57:50 0 d-------- C:\Program Files\Common Files\aol
2008-07-27 00:57:27 0 d-------- C:\Documents and Settings\Admin\Application Data\Mozilla
2008-07-25 21:27:16 0 d-------- C:\Program Files\Messenger
2008-07-25 21:27:05 0 d-------- C:\Program Files\Movie Maker
2008-07-25 21:25:24 0 d-------- C:\Program Files\Windows NT
2008-07-24 22:11:55 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-24 18:22:10 0 d-------- C:\Program Files\SpywareBlaster
2008-07-24 18:03:07 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-24 17:44:06 0 d-------- C:\Program Files\Kontiki
2008-07-24 17:41:25 33 --a------ C:\Documents and Settings\Admin\Application Data\pcouffin.log
2008-07-24 17:41:24 1144 --a------ C:\Documents and Settings\Admin\Application Data\pcouffin.inf
2008-07-24 17:41:24 7887 --a------ C:\Documents and Settings\Admin\Application Data\pcouffin.cat
2008-07-24 17:39:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-24 17:20:25 0 d-------- C:\Program Files\Java
2008-07-24 17:04:13 0 d-------- C:\Program Files\Audible
2008-07-24 13:47:50 0 d-------- C:\Program Files\Opera
2008-07-24 13:46:46 0 d-------- C:\Program Files\Winamp
2008-07-24 13:46:20 0 d-------- C:\Program Files\DivX
2008-07-24 13:46:15 0 d-------- C:\Program Files\Common Files
2008-07-24 09:49:46 0 d-------- C:\Program Files\InterActual
2008-07-14 00:15:24 668 --a------ C:\Documents and Settings\Admin\Application Data\vso_ts_preview.xml
2008-07-13 13:01:05 0 d-------- C:\Documents and Settings\Admin\Application Data\Winamp
2008-07-12 21:48:08 0 d-------- C:\Program Files\Common Files\Ahead
2008-07-07 09:10:01 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-07-04 10:44:01 3532 --a------ C:\drmHeader.bin
2008-06-20 20:18:15 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-11 01:07:20 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 01:03:26 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-06-11 01:03:26 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-06-11 01:03:20 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
2008-06-11 01:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 01:03:20 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 01:03:20 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-06-11 01:03:18 683520 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-26 20:14:07 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-22 23:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/06/2007 14:32]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [25/07/2007 16:02]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [25/07/2007 16:06]
"Message of the Day"="C:\Program Files\UoL\MotD\MOTD2000.exe" [01/05/2006 13:53]
"iRiver Updater"="\Updater.exe" [01/07/2004 22:20]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [01/02/2008 00:13]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04:27]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [23/03/2008 11:21]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [24/08/2007 07:00]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [01/04/2008 19:49]
"LXBUCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [20/11/2006 20:12]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [08/11/2005 23:00]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [10/11/2004 00:22]
"HostManager"="C:\Program Files\Common Files\AOL\1160729953\ee\AOLSoftware.exe" [27/04/2006 13:28]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [27/03/2006 16:57]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 01:12]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [23/04/2007 12:23]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [07/07/2008 09:10]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [18/10/2006 21:05]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe [07/07/2008 17:30:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [07/07/2008 09:10 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 19/04/2007 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
"C:\Program Files\Kontiki\KHost.exe" -all

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\MSMSGS.EXE" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
"SatSrv"=2 (0x2)
"ose"=3 (0x3)
"NBService"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"lxbu_device"=3 (0x3)
"LVPrcSrv"=2 (0x2)
"LVCOMSer"=2 (0x2)
"KService"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=2 (0x2)
"GoogleDesktopManager"=3 (0x3)
"Diskeeper"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"AOL ACS"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"SvcOnlineArmor"=2 (0x2)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"NinjaVideo Helper.exe"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"idsvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"lxbumon.exe"="C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
"EzPrint"="C:\Program Files\Lexmark 6200 Series\ezprint.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"iRiver Updater"=\Updater.exe
"SSS2007 PasswordManagerFFAutoFill"="C:\Program Files\Steganos Security Suite 2007\PasswordManagerFFAutoFill.exe"
"SSS2007 HotKeys"="C:\Program Files\Steganos Security Suite 2007\SteganosHotKeyService.exe"
"SSS2007 File Redirection Starter"="C:\Program Files\Steganos Security Suite 2007\fredirstarter.exe"
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06fdbe22-4f9e-11db-bd3c-806d6172696f}]
play\command- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file dvd:%1

-- End of Deckard's System Scanner: finished at 2008-07-27 14:55:53 ------------
whitlog
Regular Member
 
Posts: 36
Joined: March 24th, 2008, 5:10 pm

Re: very slow machine and slow internet speed

Post by whitlog » July 27th, 2008, 10:11 am

and finally the extra log

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 Processor 3500+
Percentage of Memory in Use: 50%
Physical Memory (total/avail): 1023.48 MiB / 507.54 MiB
Pagefile Memory (total/avail): 2461.23 MiB / 1830.17 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1915.84 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.78 GiB total, 81.79 GiB free.
D: is Fixed (NTFS) - 111.79 GiB total, 105.66 GiB free.
E: is CDROM (UDF)
F: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)
K: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD12 00JD-00HBB0 SCSI Disk Device - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 111.78 GiB - C:

\\.\PHYSICALDRIVE1 - WDC WD12 00JD-00HBB0 SCSI Disk Device - 111.79 GiB - 1 partition
\PARTITION0 - Installable File System - 111.79 GiB - D:

\\.\PHYSICALDRIVE3 - GENERIC USB Storage-CFC USB Device

\\.\PHYSICALDRIVE5 - GENERIC USB Storage-MSC USB Device

\\.\PHYSICALDRIVE4 - GENERIC USB Storage-SDC USB Device

\\.\PHYSICALDRIVE2 - GENERIC USB Storage-SMC USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Admin\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ADMIN-3D98D1489
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Admin
LOGONSERVER=\\ADMIN-3D98D1489
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Windows Live\Messenger\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime Alternative\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 15 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0f00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Admin\LOCALS~1\Temp
TMP=C:\DOCUME~1\Admin\LOCALS~1\Temp
USERDOMAIN=ADMIN-3D98D1489
USERNAME=Admin
USERPROFILE=C:\Documents and Settings\Admin
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Admin (admin)
Phil (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> MsiExec /X{E2BE1618-AF5F-4F7D-8484-42E080EDF609}
--> MsiExec.exe /X{69495273-FCDC-4A86-BCB7-49B504D3FB0E}
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
@BIOS B06.0721.01 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}\setup.exe" -l0x9 -removeonly
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1) --> msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe Shockwave Player --> C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{BC467935-A9A5-4D0F-BD89-94F36CDF0524}
Adobe® Photoshop® Album Starter Edition 3.0 --> MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Adobe® Photoshop® Album Starter Edition 3.0.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C9618743-1A5C-461E-91C4-E013A3D70F3C}\Setup.exe" -l0x9
AGEIA PhysX v7.01.12 --> MsiExec.exe /X{E2BE1618-AF5F-4F7D-8484-42E080EDF609}
Alt-Tab Task Switcher Powertoy for Windows XP --> MsiExec.exe /I{A7050037-F0EA-4BAB-BCD5-FC05507D6147}
AOL Coach Version 1.0(Build:20040229.1 uk) --> "C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe" -lang="en-uk"
AOL Connectivity Services --> "C:\Program Files\Common Files\AOL\ACS\AcsUninstall.exe" /c
AOL Toolbar --> "C:\Program Files\AOL Toolbar\UNWISE.EXE" /u "C:\Program Files\AOL Toolbar\INSTALL.LOG"
AOL Uninstaller (Choose which Products to Remove) --> C:\Program Files\Common Files\AOL\uninstaller.exe
AOL You've Got Pictures Screensaver --> C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Apple Mobile Device Support --> MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
ClearType Tuning Control Panel Applet --> MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
Creative Audio Console --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe" -l0x9 /remove
DivX Converter --> C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
HDDlife --> MsiExec.exe /I{3A609C6D-9BB0-47BB-B0C4-B222F8EA98B6}
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for MSXML 2 (KB887606) --> "C:\WINDOWS\$SQLUninstallMSXML2SP6-KB887606-x86-ENU$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB900399) --> "C:\WINDOWS\$NtUninstallKB900399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB910998) --> "C:\WINDOWS\$NtUninstallKB910998$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB912454) --> "C:\WINDOWS\$NtUninstallKB912454$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB917821) --> "C:\WINDOWS\$NtUninstallKB917821$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB922042) --> "C:\WINDOWS\$NtUninstallKB922042$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB922814) --> "C:\WINDOWS\$NtUninstallKB922814$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK 9.5 (KB905592) --> "C:\WINDOWS\$NtUninstallKB905592$\spuninst\spuninst.exe"
ieSpell 2.2.0 (build 647) --> "C:\Program Files\ieSpell\uninst.exe"
Image Resizer Powertoy for Windows XP --> MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
iriver Music Manager --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{072D2077-9E22-4F7F-B817-A92CA6CCC843}\Setup.exe" -l0x9 anything
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Lexmark 6200 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbuUNST.EXE -NOLICENSE
LimeWire PRO 4.18.3 --> "C:\Program Files\LimeWire\uninstall.exe"
Logitech Audio Echo Cancellation Component --> MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech QuickCam --> MsiExec.exe /X{364EC092-93CF-4DDC-9D7A-7278452028E0}
Logitech® Camera Driver --> "C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Magnifier Powertoy for Windows XP --> MsiExec.exe /I{2FBF04DC-404C-4FA4-BA28-99903080D2B9}
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Message of the Day --> MsiExec.exe /I{9A7E6E8E-53DE-415F-894E-3BA33243FDC1}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Color Control Panel Applet for Windows XP --> MsiExec.exe /X{CE378F36-E404-4244-A33F-F50A2A6D31BD}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWudf01005$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Admin\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (3.0) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MVision --> MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
Nero 7 Premium --> MsiExec.exe /I{ACE0935B-2B99-4D0A-B173-8CACC6051033}
NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111 --> C:\Program Files\InstallShield Installation Information\{582E9125-32B6-4CBA-AB48-3E33CE3DB389}\setup.exe -runfromtemp -l0x0009 -removeonly
Nokia Connectivity Cable Driver --> MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_eng.exe /LANG="2057"
Nokia PC Suite --> MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Online Armor 2.1 --> "C:\Program Files\Tall Emu\Online Armor\unins000.exe"
OpenOffice.org 2.2 --> MsiExec.exe /I{65A27B19-3398-4B23-837C-7A9EA6A39F03}
Opera 9.27 --> MsiExec.exe /X{04DB4871-BC1D-44BF-AADB-47326365EB8C}
Photo Viewer --> MsiExec.exe /X{48A34EA8-695B-48BE-B900-C0C44D5D518A}
PowerISO --> "C:\Program Files\PowerISO\uninstall.exe"
QuickTime --> MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
QuickTime Alternative 1.81 --> "C:\Program Files\QuickTime Alternative\unins000.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
RegScrubXP 3.25 --> "C:\Program Files\RegScrubXP\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Step By Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Skype™ 3.8 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Sun Download Manager 2.0 (web) --> C:\WINDOWS\system32\javaws.exe -uninstall "http://javadl-esd.sun.com/update/sdm20/sdm20.jnlp"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update for Microsoft Office Outlook 2007 (KB952142) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb953463) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}
VeohTV BETA --> C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6 --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Vuze --> C:\Program Files\Vuze\uninstall.exe
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - (mr7910) Image 06/28/2005 1.3.0.0 --> C:\WINDOWS\system32\DRVSTORE\f1490bc41e7d27129cb157cba768cf63b89e7752\DPInst.exe /u mr7910_32bb2befe1e5d1d6012329af0300b36139b7b84a
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0) --> C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_9EA6D2FA46FEFFB7011ED0B6015B626D07F1EEF7\amdk8.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Mail --> MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Photo Gallery --> MsiExec.exe /X{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}
Windows Live Sign-in Assistant --> MsiExec.exe /I{0ED47137-C071-46CC-A243-E5E33271E10E}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Writer --> MsiExec.exe /X{9176251A-4CC1-4DDB-B343-B487195EB397}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB896097 --> "C:\WINDOWS\$NtUninstallKB896097$\spuninst\spuninst.exe"
Windows Media Hotfix - KB895181 --> "C:\WINDOWS\$NtUninstallKB895181$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Rights Management Client Backwards Compatibility SP2 --> MsiExec.exe /X{EC905264-BCFE-423B-9C42-C3A106266790}
Windows Rights Management Client with Service Pack 2 --> MsiExec.exe /X{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Pack 1.0 -->
XP Codec Pack --> C:\Program Files\XP Codec Pack\Uninstall.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type13199 / Success
Event Submitted/Written: 07/27/2008 00:41:31 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type13160 / Success
Event Submitted/Written: 07/26/2008 11:53:13 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type13149 / Success
Event Submitted/Written: 07/26/2008 09:30:42 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type13144 / Warning
Event Submitted/Written: 07/25/2008 09:32:45 PM
Event ID/Source: 1015 / MsiInstaller
Event Description:
Failed to connect to server. Error: 0x80080005

Event Record #/Type13142 / Warning
Event Submitted/Written: 07/25/2008 09:27:38 PM
Event ID/Source: 63 / WinMgmt
Event Description:
A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type54167 / Warning
Event Submitted/Written: 07/27/2008 02:27:36 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type54165 / Error
Event Submitted/Written: 07/27/2008 02:00:00 PM
Event ID/Source: 7901 / Schedule
Event Description:
The At39.job command failed to start due to the following error:
%%2147942405

Event Record #/Type54164 / Error
Event Submitted/Written: 07/27/2008 02:00:00 PM
Event ID/Source: 7901 / Schedule
Event Description:
The At15.job command failed to start due to the following error:
%%2147942405

Event Record #/Type54163 / Warning
Event Submitted/Written: 07/27/2008 01:32:58 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Record #/Type54162 / Error
Event Submitted/Written: 07/27/2008 01:00:00 PM
Event ID/Source: 7901 / Schedule
Event Description:
The At38.job command failed to start due to the following error:
%%2147942405

-- End of Deckard's System Scanner: finished at 2008-07-27 14:55:53 ------------
whitlog

Re: very slow machine and slow internet speed

Post by ndmmxiaomayi » July 27th, 2008, 10:42 am

Hello,

Step 1

With reference to Malware Removal P2P Programs Policy, please uninstall the following programs before we continue:

  1. Click on Start > Control Panel and double click on Add/Remove Programs.
  2. Locate µTorrent and click on the Change/Remove button to uninstall it.
  3. Repeat for LimeWire PRO 4.18.3 and Vuze.
  4. Close Add/Remove Programs and Control Panel when done.

Step 2

Disable Online Armor temporarily

Please disable Online Armor temporarily as it may interfere with the fixes.

  1. Right click on Online Armor icon near the clock (icon looks like a shield).
  2. If you see a tick next to Program Guard, click once on Program Guard to remove this tick.
  3. You will be prompted. Click Yes.
  4. Right click on Online Armor icon again and select Deactivate HIPS features.
  5. You will be prompted. Click Yes.
  6. There will be another prompt to restart your computer. Click Yes to restart.

Disable SUPERAntiSpyware temporarily

Please disable SUPERAntiSpyware temporarily as it may interfere with the fixes.

  1. Right click on SUPERAntiSpyware icon near the clock (a bug icon) and select View Control Center (Preferences/Options)....
  2. Select the General and Startup tab.
  3. Under Start-Up Options, uncheck (untick) Start SUPERAntiSpyware when Windows start box.
  4. Select Hi-Jack Protection tab. Uncheck (untick) Protect home page from being changed. Changes can be made only here box.
  5. Right click on SUPERAntiSpyware icon near the clock again and select Exit.
  6. Click OK to confirm.

Step 3

If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

Please download Combofix from one of the following links:

Bleeping Computer
Forospyware
Geeks to Go

Save it to your desktop.

Next...

Visit this website - http://www.microsoft.com/downloads/deta ... laylang=en

Choose the correct language and click on Download.

Download the file & save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.

Once Recovery Console is installed, you should see a blue screen prompt like the one below:

Image

Click Yes to allow Combofix to continue scanning for malware.

When done, a log will be produced. Please post that log and a new HijackThis log in your next reply.

Do not mouse click on Combofix while it is running. That may cause it to stall.

In your next reply, please post:

  1. Combofix log (C:\Combofix.txt)
  2. A new HijackThis log
ndmmxiaomayi

Re: very slow machine and slow internet speed

Post by whitlog » July 27th, 2008, 11:21 am

The combo fix log first

ComboFix 08-07-26.1 - Admin 2008-07-27 16:01:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.627 [GMT 1:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Admin\Application Data\inst.exe
C:\WINDOWS\system32\_004775_.tmp.dll
C:\WINDOWS\system32\_004776_.tmp.dll
C:\WINDOWS\system32\_004777_.tmp.dll
C:\WINDOWS\system32\_004778_.tmp.dll
C:\WINDOWS\system32\_004785_.tmp.dll
C:\WINDOWS\system32\_004786_.tmp.dll
C:\WINDOWS\system32\_004787_.tmp.dll
C:\WINDOWS\system32\_004789_.tmp.dll
C:\WINDOWS\system32\_004790_.tmp.dll
C:\WINDOWS\system32\_004793_.tmp.dll
C:\WINDOWS\system32\_004794_.tmp.dll
C:\WINDOWS\system32\_004796_.tmp.dll
C:\WINDOWS\system32\_004797_.tmp.dll
C:\WINDOWS\system32\_004800_.tmp.dll
C:\WINDOWS\system32\_004803_.tmp.dll
C:\WINDOWS\system32\_004804_.tmp.dll
C:\WINDOWS\system32\_004808_.tmp.dll
C:\WINDOWS\system32\_004809_.tmp.dll
C:\WINDOWS\system32\_004811_.tmp.dll
C:\WINDOWS\system32\_004814_.tmp.dll
C:\WINDOWS\system32\_004816_.tmp.dll
C:\WINDOWS\system32\_004817_.tmp.dll
C:\WINDOWS\system32\_004818_.tmp.dll
C:\WINDOWS\system32\_004819_.tmp.dll
C:\WINDOWS\system32\_004822_.tmp.dll
C:\WINDOWS\system32\_004823_.tmp.dll
C:\WINDOWS\system32\_004824_.tmp.dll
C:\WINDOWS\system32\_004825_.tmp.dll
C:\WINDOWS\system32\_004826_.tmp.dll
C:\WINDOWS\system32\_004831_.tmp.dll
C:\WINDOWS\system32\_004833_.tmp.dll
C:\WINDOWS\system32\_004834_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-27 to 2008-07-27 )))))))))))))))))))))))))))))))
.

2008-07-27 14:52 . 2008-07-27 14:52 <DIR> d-------- C:\Deckard
2008-07-27 00:54 . 2008-07-27 00:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-07-26 22:48 . 2008-07-27 15:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-26 22:48 . 2008-07-26 22:48 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-26 21:42 . 2008-07-26 21:42 <DIR> d-------- C:\fsaua.data
2008-07-26 21:24 . 2008-07-27 14:58 <DIR> d-------- C:\Program Files\Vuze
2008-07-26 21:24 . 2008-07-26 21:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-07-26 21:24 . 2008-07-27 14:08 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Azureus
2008-07-25 11:22 . 2008-07-25 21:27 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-25 11:22 . 2008-07-25 21:27 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-25 11:22 . 2008-07-25 21:27 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-25 11:18 . 2008-07-25 21:21 <DIR> d-------- C:\WINDOWS\EHome
2008-07-25 11:13 . 2008-04-14 01:12 8,461,312 --a------ C:\WINDOWS\system32\SET207.tmp
2008-07-25 11:12 . 2008-04-14 01:11 2,843,136 --a------ C:\WINDOWS\system32\SET2DE.tmp
2008-07-24 18:17 . 2008-07-24 18:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-24 18:10 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-24 18:10 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-24 17:59 . 2008-07-24 17:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-24 13:47 . 2008-07-24 13:47 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\InstallShield
2008-07-24 13:46 . 2008-07-24 13:46 <DIR> d-------- C:\Program Files\XP Codec Pack
2008-07-24 13:46 . 2008-07-24 13:46 <DIR> d-------- C:\Program Files\Internet Cyclone
2008-07-24 13:46 . 2008-07-24 13:46 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-07-24 13:46 . 2008-07-24 13:46 <DIR> d-------- C:\Program Files\BinarySense
2008-07-24 13:16 . 2008-07-24 13:16 244 --ah----- C:\sqmnoopt15.sqm
2008-07-24 13:16 . 2008-07-24 13:16 232 --ah----- C:\sqmdata15.sqm
2008-07-24 09:25 . 2008-07-24 13:46 <DIR> d-------- C:\Program Files\Opera(2)
2008-07-24 09:25 . 2008-07-24 09:25 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Opera(2)
2008-07-24 09:18 . 2008-07-24 09:30 <DIR> d-------- C:\Kontiki
2008-07-24 09:04 . 2008-07-24 09:04 244 --ah----- C:\sqmnoopt14.sqm
2008-07-24 09:04 . 2008-07-24 09:04 232 --ah----- C:\sqmdata14.sqm
2008-07-23 23:03 . 2008-07-23 23:03 244 --ah----- C:\sqmnoopt13.sqm
2008-07-23 23:03 . 2008-07-23 23:03 232 --ah----- C:\sqmdata13.sqm
2008-07-23 21:09 . 2008-07-23 21:09 244 --ah----- C:\sqmnoopt12.sqm
2008-07-23 21:09 . 2008-07-23 21:09 232 --ah----- C:\sqmdata12.sqm
2008-07-23 19:14 . 2008-07-23 19:14 244 --ah----- C:\sqmnoopt11.sqm
2008-07-23 19:14 . 2008-07-23 19:14 232 --ah----- C:\sqmdata11.sqm
2008-07-23 19:04 . 2008-07-23 19:04 244 --ah----- C:\sqmnoopt10.sqm
2008-07-23 19:04 . 2008-07-23 19:04 232 --ah----- C:\sqmdata10.sqm
2008-07-23 18:36 . 2008-07-23 18:36 244 --ah----- C:\sqmnoopt09.sqm
2008-07-23 18:36 . 2008-07-23 18:36 232 --ah----- C:\sqmdata09.sqm
2008-07-14 07:22 . 2008-07-12 15:10 0 --a------ C:\WINDOWS\system32\VFEa0EnX.exe.a_a
2008-07-14 07:22 . 2008-07-11 13:52 0 --a------ C:\WINDOWS\system32\fYK1CB2O.exe.a_a
2008-07-13 14:54 . 2008-07-13 14:54 244 --ah----- C:\sqmnoopt08.sqm
2008-07-13 14:54 . 2008-07-13 14:54 232 --ah----- C:\sqmdata08.sqm
2008-07-12 21:47 . 2006-11-20 20:11 1,568,768 --a------ C:\WINDOWS\system32\imagx7.dll
2008-07-12 21:47 . 2006-11-20 20:10 476,320 --a------ C:\WINDOWS\system32\imagxpr7.dll
2008-07-10 12:30 . 2008-07-24 13:47 <DIR> d-------- C:\Program Files\The_Pirate_Bay
2008-07-09 16:44 . 2008-07-09 16:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-07-08 23:46 . 2008-07-24 17:41 <DIR> d-------- C:\Program Files\VSO
2008-07-08 23:46 . 2008-07-24 17:41 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Vso
2008-07-08 23:46 . 2008-07-08 23:46 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-08 23:46 . 2008-07-24 17:41 47,360 --a------ C:\Documents and Settings\Admin\Application Data\pcouffin.sys
2008-07-08 12:20 . 2008-07-27 14:57 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\uTorrent
2008-07-07 23:55 . 2008-07-26 22:34 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\LimeWire
2008-07-07 17:30 . 2008-07-07 17:30 <DIR> d-------- C:\Program Files\NETGEAR
2008-07-07 17:30 . 2004-04-18 16:43 651,264 --a------ C:\WINDOWS\system32\libeay32.dll
2008-07-07 17:30 . 2005-09-26 16:02 362,944 --a------ C:\WINDOWS\system32\drivers\WPN111.sys
2008-07-07 17:30 . 2005-07-27 21:15 149,392 --a------ C:\WINDOWS\system32\drivers\ar5523.bin
2008-07-07 17:30 . 2004-04-18 16:43 147,456 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-07-07 17:30 . 2003-07-24 12:10 94,208 --a------ C:\WINDOWS\system32\DNIN50.dll
2008-07-07 17:30 . 2008-07-07 17:30 17,801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-07-07 17:30 . 2003-07-24 12:10 17,149 --a------ C:\WINDOWS\system32\DNINDIS5.sys
2008-07-03 23:33 . 2008-07-03 23:33 1,409 --a------ C:\WINDOWS\system32\tmpA9B92.FOT
2008-07-03 23:33 . 2008-07-03 23:33 1,409 --a------ C:\WINDOWS\system32\tmp3BC92.FOT
2008-07-03 23:33 . 2008-07-03 23:33 1,409 --a------ C:\WINDOWS\system32\tmp2EC92.FOT
2008-07-03 23:33 . 2008-07-03 23:33 1,409 --a------ C:\WINDOWS\system32\tmp10D92.FOT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 15:06 --------- d-----w C:\Documents and Settings\Admin\Application Data\OnlineArmor
2008-07-27 14:29 --------- d-----w C:\Program Files\Common Files\aol
2008-07-27 14:26 --------- d-----w C:\Program Files\Google
2008-07-27 11:58 --------- d-----w C:\Documents and Settings\Admin\Application Data\dvdcss
2008-07-27 02:36 --------- d-----w C:\Program Files\RegScrubXP
2008-07-26 23:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-07-26 08:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-25 20:33 96,384 ----a-w C:\WINDOWS\system32\drivers\sptd2957.sys
2008-07-24 21:11 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-07-24 17:22 --------- d-----w C:\Program Files\SpywareBlaster
2008-07-24 17:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-24 16:44 --------- d-----w C:\Program Files\Kontiki
2008-07-24 16:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-24 16:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-24 16:20 --------- d-----w C:\Program Files\Java
2008-07-24 16:04 --------- d-----w C:\Program Files\Audible
2008-07-24 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-24 15:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-07-24 12:47 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-24 12:47 --------- d-----w C:\Program Files\Opera
2008-07-24 12:46 --------- d-----w C:\Program Files\Winamp
2008-07-24 12:46 --------- d-----w C:\Program Files\DivX
2008-07-24 08:49 --------- d-----w C:\Program Files\InterActual
2008-07-13 12:01 --------- d-----w C:\Documents and Settings\Admin\Application Data\Winamp
2008-07-12 22:41 65,536 ----a-w C:\WINDOWS\DUMPab63.tmp
2008-07-12 20:48 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-07 08:10 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-07-04 09:44 3,532 ----a-w C:\drmHeader.bin
2008-06-20 19:18 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 12:23 1032640]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-27 15:26 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-08 14:32 185784]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06 2027792]
"Message of the Day"="C:\Program Files\UoL\MotD\MOTD2000.exe" [2006-05-01 13:53 23552]
"iRiver Updater"="\Updater.exe" [2004-07-01 22:20 212992]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2008-02-01 00:13 385024]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2008-03-23 11:21 5519424]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"LXBUCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2006-11-20 20:12 69632]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-08 23:00 128920]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 16:30 71008]
"HostManager"="C:\Program Files\Common Files\AOL\1160729953\ee\AOLSoftware.exe" [2006-09-26 01:52 50736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 01:12 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe [2008-07-07 17:30:04 884838]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-07-07 09:10 77824]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll" [2008-03-23 11:21 671432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
--a------ 2007-04-23 12:23 1032640 C:\Program Files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-07 00:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 01:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 01:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 13:22 7700480 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-06-08 14:32 185784 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
"SatSrv"=2 (0x2)
"ose"=3 (0x3)
"NBService"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"lxbu_device"=3 (0x3)
"LVPrcSrv"=2 (0x2)
"LVCOMSer"=2 (0x2)
"KService"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=2 (0x2)
"GoogleDesktopManager"=3 (0x3)
"Diskeeper"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"AOL ACS"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"SvcOnlineArmor"=2 (0x2)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"NinjaVideo Helper.exe"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"idsvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"lxbumon.exe"="C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
"EzPrint"="C:\Program Files\Lexmark 6200 Series\ezprint.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"iRiver Updater"=\Updater.exe
"SSS2007 PasswordManagerFFAutoFill"="C:\Program Files\Steganos Security Suite 2007\PasswordManagerFFAutoFill.exe"
"SSS2007 HotKeys"="C:\Program Files\Steganos Security Suite 2007\SteganosHotKeyService.exe"
"SSS2007 File Redirection Starter"="C:\Program Files\Steganos Security Suite 2007\fredirstarter.exe"
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\GIGABYTE\\@BIOS\\bios_run.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"C:\\Program Files\\Common Files\\aol\\1160729953\\ee\\aolsoftware.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh

R0 IFP300;iriver Internet Audio Player IFP-300;C:\WINDOWS\system32\DRIVERS\ifp300.sys [2004-03-29 18:28]
R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys [2007-06-29 00:09]
R1 OADevice;OADriver;C:\WINDOWS\system32\drivers\OADriver.sys [2008-03-23 11:21]
R1 OAmon;OAmon;C:\WINDOWS\system32\drivers\OAmon.sys [2008-03-23 11:21]
R1 OAnet;OAnet;C:\WINDOWS\system32\drivers\OAnet.sys [2008-03-23 11:21]
R2 SvcOnlineArmor;Online Armor;C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2008-03-23 11:21]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 12:10]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-09-26 16:02]
S3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS []
S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 22:25]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 19:47]
.
Contents of the 'Scheduled Tasks' folder
2008-07-25 C:\WINDOWS\Tasks\1-Click Maintenance.job - s !;C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe/schedulestartAdmin,Runs 1-Click Maintenance at specified times0 []
2008-07-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - s!:C:\Program Files\Apple Software Update\SoftwareUpdate.exe-taskSYSTEM0 []
2008-07-26 C:\WINDOWS\Tasks\At1.job - s!!C:\WINDOWS\system32\fYK1CB2O.exeSYSTEMCreated by NetScheduleJobAdd.0jp2AfIm<tda-`kty?/lBY5 Z []
2008-07-27 C:\WINDOWS\Tasks\At10.job - s!!C:\WINDOWS\system32\fYK1CB2O.exeSYSTEMCreated by NetScheduleJobAdd.0z5YE5E-["-T/G []
2008-07-27 C:\WINDOWS\Tasks\At11.job - !C:\WINDOWS\system32\fYK1CB2O.exeSYSTEMCreated by NetScheduleJobAdd.0 []
2008-07-27 C:\WINDOWS\Tasks\At12.job - s!!C:\WINDOWS\system32\fYK1CB2O.exeSYSTEMCreated by NetScheduleJobAdd.0?%9/Tz*] []
2008-07-27 C:\WINDOWS\Tasks\At13.job - s!!C:\WINDOWS\system32\fYK1CB2O.exeSYSTEMCreated by NetScheduleJobAdd.0f] u []
2008-07-27 C:\WINDOWS\Tasks\At14.job - s!!C:\WINDOWS\system32\fYK1CB2O.exeSYSTEMCreated by NetScheduleJobAdd.0'\9]5JH?tHLXONh []
2008-07-27 C:\WINDOWS\Tasks\At15.job - s!.!C:\WINDOWS\system32\fYK1CB2O.exeSYSTEMCreated by NetScheduleJobAdd.09HFI5l?D1kURy#NC1-;o*y@zlc#R []
2008-07-27 C:\WINDOWS\Tasks\At16.job - s!!C:\WINDOWS\system32\fYK1CB2O.exeSYSTEMCreated by NetScheduleJobAdd.0JrbFuX []
2008-07-27 C:\WINDOWS\Tasks\At17.job - s!!C:\WINDOWS\system32\fYK1CB2O.exeSYSTEMCreated by NetScheduleJobAdd.0.bUh<hhf2{s<Clv#by]Ay)# []
2008-07-26 C:\WINDOWS\Tasks\At18.job - s!!C:\WINDOWS\system32\fYK1CB2O.exeSYSTEMCreated by NetScheduleJobAdd.00js?(g@TeW.1{\m:^JC []
2008-07-26 C:\WINDOWS\Tasks\At19.job - s!!C:\WINDOWS\system32\fYK1CB2O.exeSYSTEMCreated by NetScheduleJobAdd.01(]JxO&#!!HL4JLI1rwjU6/L?_ []
2008-07-27 C:\WINDOWS\Tasks\At2.job - s!!C:\WINDOWS\system32\fYK1CB2O.exeSYSTEMCreated by NetScheduleJobAdd.0"^%H7I}OX?lL9ypk5,E8.Lgf6id. []
2008-07-26 C:\WINDOWS\Tasks\At20.job - s!!C:\WINDOWS\system32\fYK1CB2O.exeSYSTEMCreated by NetScheduleJobAdd.0o%Do'UG%DrF:[9^G]X0S128 []
2008-07-26 C:\WINDOWS\Tasks\At21.job - s!!C:\WINDOWS\system32\fYK1CB2O.exeSYSTEMCreated by NetScheduleJobAdd.0P3O,g<l>#Y#N=XJz<`5CSJONk; []
2008-07-26 C:\WINDOWS\Tasks\At22.job - s!!C:\WINDOWS\system32\fYK1CB2O.exeSYSTEMCreated by NetScheduleJobAdd.0.]x53V[btY&Vy=^='eb!8 []
2008-07-26 C:\WINDOWS\Tasks\At23.job - s!m!C:\WINDOWS\system32\fYK1CB2O.exeSYSTEMCreated by NetScheduleJobAdd.0 [&1Bf2Lkw[+4|[Vc []
2008-07-26 C:\WINDOWS\Tasks\At24.job - s!!C:\WINDOWS\system32\fYK1CB2O.exeSYSTEMCreated by NetScheduleJobAdd.0s5l`3D,}MfBNkb,W7qU1@I4\L) []
2008-07-26 C:\WINDOWS\Tasks\At25.job - s!7!C:\WINDOWS\system32\VFEa0EnX.exeSYSTEMCreated by NetScheduleJobAdd.07m[-Tc>";Mr50B+\-#@jkENqsz []
2008-07-27 C:\WINDOWS\Tasks\At26.job - s!!C:\WINDOWS\system32\VFEa0EnX.exeSYSTEMCreated by NetScheduleJobAdd.0qZ#wE<2*Pemd_g<nmr"k/RH []
2008-07-27 C:\WINDOWS\Tasks\At27.job - s!!C:\WINDOWS\system32\VFEa0EnX.exeSYSTEMCreated by NetScheduleJobAdd.0xF9#N,bX@52fEo-TyC<f(]jx/G []
2008-07-27 C:\WINDOWS\Tasks\At28.job - s!!C:\WINDOWS\system32\VFEa0EnX.exeSYSTEMCreated by NetScheduleJobAdd.0<`AL,E(TDR!=I"g:7nb/kj`( []
2008-07-27 C:\WINDOWS\Tasks\At29.job - s!!C:\WINDOWS\system32\VFEa0EnX.exeSYSTEMCreated by NetScheduleJobAdd.0la'^(x,svLDC!.}XpTXN;4U@<_o []
2008-07-27 C:\WINDOWS\Tasks\At3.job - s!!C:\WINDOWS\system32\fYK1CB2O.exeSYSTEMCreated by NetScheduleJobAdd.0XYfeCfmtn4?qu(J}t&X]:OMODIH []
2008-07-27 C:\WINDOWS\Tasks\At30.job - s!!C:\WINDOWS\system32\VFEa0EnX.exeSYSTEMCreated by NetScheduleJobAdd.0Z/-<pxgvixD9nV4-}p|DWp []
2008-07-27 C:\WINDOWS\Tasks\At31.job - s!!C:\WINDOWS\system32\VFEa0EnX.exeSYSTEMCreated by NetScheduleJobAdd.0|\g=mF5ExT2Yk O jcU5n-13IVdT []
2008-07-27 C:\WINDOWS\Tasks\At32.job - s!!C:\WINDOWS\system32\VFEa0EnX.exeSYSTEMCreated by NetScheduleJobAdd.0LUqVY\GqqR>WQElj*,1kM* []
2008-07-27 C:\WINDOWS\Tasks\At33.job - s!!C:\WINDOWS\system32\VFEa0EnX.exeSYSTEMCreated by NetScheduleJobAdd.0y*@2ivbUOYUy/}+oeCz []
2008-07-27 C:\WINDOWS\Tasks\At34.job - s!W!C:\WINDOWS\system32\VFEa0EnX.exeSYSTEMCreated by NetScheduleJobAdd.0y2G _vkwkc0BPr3:z"vyR<edU*o []
2008-07-27 C:\WINDOWS\Tasks\At35.job - s!!C:\WINDOWS\system32\VFEa0EnX.exeSYSTEMCreated by NetScheduleJobAdd.0 []
2008-07-27 C:\WINDOWS\Tasks\At36.job - s!!C:\WINDOWS\system32\VFEa0EnX.exeSYSTEMCreated by NetScheduleJobAdd.0Qp7* _G9/`*::Uujw'"t=Q]I []
2008-07-27 C:\WINDOWS\Tasks\At37.job - s!V!C:\WINDOWS\system32\VFEa0EnX.exeSYSTEMCreated by NetScheduleJobAdd.0Zw"29D})"lt(`"2Wf+\Cfto>C []
2008-07-27 C:\WINDOWS\Tasks\At38.job - s!N!C:\WINDOWS\system32\VFEa0EnX.exeSYSTEMCreated by NetScheduleJobAdd.0 []
2008-07-27 C:\WINDOWS\Tasks\At39.job - s!!C:\WINDOWS\system32\VFEa0EnX.exeSYSTEMCreated by NetScheduleJobAdd.0m$abswTMH CQvb?C=hf0H]<1E []
2008-07-27 C:\WINDOWS\Tasks\At4.job - s!{!C:\WINDOWS\system32\fYK1CB2O.exeSYSTEMCreated by NetScheduleJobAdd.0s@XNSzJ<J$PLbN []
2008-07-27 C:\WINDOWS\Tasks\At40.job - s!'!C:\WINDOWS\system32\VFEa0EnX.exeSYSTEMCreated by NetScheduleJobAdd.0Ot8xkj] aA []
2008-07-27 C:\WINDOWS\Tasks\At41.job - s!!C:\WINDOWS\system32\VFEa0EnX.exeSYSTEMCreated by NetScheduleJobAdd.0qub<_e!X?S-tb2}wccCsnDDkVO []
2008-07-26 C:\WINDOWS\Tasks\At42.job - s!!C:\WINDOWS\system32\VFEa0EnX.exeSYSTEMCreated by NetScheduleJobAdd.0m3G}i%iPRK d []
2008-07-26 C:\WINDOWS\Tasks\At43.job - s!}!C:\WINDOWS\system32\VFEa0EnX.exeSYSTEMCreated by NetScheduleJobAdd.0edMuK/RGG:`"=F6;KY6g{QU []
2008-07-26 C:\WINDOWS\Tasks\At44.job - s!!C:\WINDOWS\system32\VFEa0EnX.exeSYSTEMCreated by NetScheduleJobAdd.0=,"(MOTNo>iW*'8x3YyQM'_+C.^( []
2008-07-26 C:\WINDOWS\Tasks\At45.job - s!=!C:\WINDOWS\system32\VFEa0EnX.exeSYSTEMCreated by NetScheduleJobAdd.0T[<3\YDt(U]nu(k1L-7oEz []
2008-07-26 C:\WINDOWS\Tasks\At46.job - s!!C:\WINDOWS\system32\VFEa0EnX.exeSYSTEMCreated by NetScheduleJobAdd.0RYNA95uE=B+4xKxUuaBy*,> []
2008-07-26 C:\WINDOWS\Tasks\At47.job - s!!C:\WINDOWS\system32\VFEa0EnX.exeSYSTEMCreated by NetScheduleJobAdd.0@-_4g>Vh<r1n+QLC]y^0> []
2008-07-26 C:\WINDOWS\Tasks\At48.job - s!!C:\WINDOWS\system32\VFEa0EnX.exeSYSTEMCreated by NetScheduleJobAdd.01 4YifY f,DR>3F[]csWa(Xvm []
2008-07-27 C:\WINDOWS\Tasks\At5.job - s!!C:\WINDOWS\system32\fYK1CB2O.exeSYSTEMCreated by NetScheduleJobAdd.0NJ^W6,N4EZ"/az(?M4Z-o)7_ []
2008-07-27 C:\WINDOWS\Tasks\At6.job - s!M!C:\WINDOWS\system32\fYK1CB2O.exeSYSTEMCreated by NetScheduleJobAdd.0\-$Z38 []
2008-07-27 C:\WINDOWS\Tasks\At7.job - s!M!C:\WINDOWS\system32\fYK1CB2O.exeSYSTEMCreated by NetScheduleJobAdd.0Krl^u"4)Q}xL[:iP3q# []
2008-07-27 C:\WINDOWS\Tasks\At8.job - s!M!C:\WINDOWS\system32\fYK1CB2O.exeSYSTEMCreated by NetScheduleJobAdd.01*!+_stGV;j+/<;Fi []
2008-07-27 C:\WINDOWS\Tasks\At9.job - s!!C:\WINDOWS\system32\fYK1CB2O.exeSYSTEMCreated by NetScheduleJobAdd.0JGck'3?jfgD+NdIX []
2008-07-27 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - s!2C:\Program Files\Windows Live Toolbar\MSNTBUP.EXEAdmin0< []
2008-07-27 C:\WINDOWS\Tasks\User_Feed_Synchronization-{FAC759C1-0052-4326-9F19-25051AD22968}.job - C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 13:58]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AVG7_CC - C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
MSConfigStartUp-MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.co.uk/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKCU-Main,Default_Search_URL = hxxp://www.google.co.uk/
R1 -: HKCU-Internet Settings,ProxyOverride = localhost;<local>
R1 -: HKCU-SearchURL,(Default) = hxxp://search.aol.co.uk/web?isinit=true&query=%s
O8 -: &AOL Toolbar search - C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 -: &eBay Search - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 -: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: Check &Spelling - C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 16:06:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\aol\ACS\AOLacsd.exe
C:\Updater.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\aol\1160729953\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
.
**************************************************************************
.
Completion time: 2008-07-27 16:15:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-27 15:15:11

Pre-Run: 87,705,321,472 bytes free
Post-Run: 87,758,028,800 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

399 --- E O F --- 2008-07-26 08:35:51
whitlog
Regular Member
 
Posts: 36
Joined: March 24th, 2008, 5:10 pm

Re: very slow machine and slow internet speed

Post by whitlog » July 27th, 2008, 11:22 am

And the hijack log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:17:43, on 27/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Updater.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\AOL\1160729953\ee\AOLSoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\common files\aol\1160729953\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1160729953\ee\aolsoftware.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Message of the Day] C:\Program Files\UoL\MotD\MOTD2000.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1160729953\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.co.uk/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 10591 bytes
whitlog
Regular Member
 
Posts: 36
Joined: March 24th, 2008, 5:10 pm

Re: very slow machine and slow internet speed

Post by whitlog » July 27th, 2008, 11:26 am

Sorry, just to add: about 2 mins ago my aol spyware just popped up saying that "Bifrost" was trying to get in, via backdoor. I blocked it with the aol spyware but just thought I would let you know.
whitlog
Regular Member
 
Posts: 36
Joined: March 24th, 2008, 5:10 pm

Re: very slow machine and slow internet speed

Post by ndmmxiaomayi » July 27th, 2008, 11:49 am

Hello,

my aol spyware just popped up saying that "Bifrost" was trying to get in


Do you have the file name?

Please ensure that Online Armor and SUPERAntiSpyware are disabled before proceeding.

Open Notepad and copy and paste the following in the Code box into Notepad:

http://malwareremoval.com/forum/viewtopic.php?f=11&t=33032

DirLook::
C:\Program Files\Vuze

File::
C:\WINDOWS\system32\VFEa0EnX.exe.a_a
C:\WINDOWS\system32\fYK1CB2O.exe.a_a

Suspect::
C:\WINDOWS\system32\tmpA9B92.FOT
C:\WINDOWS\system32\tmp3BC92.FOT
C:\WINDOWS\system32\tmp2EC92.FOT
C:\WINDOWS\system32\tmp10D92.FOT
C:\drmHeader.bin

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00

Collect::
C:\WINDOWS\Tasks\At1.job

File::
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job


Warning: The above script is just for whitlog. If you are not whitlog, please do not use this script as it may damage the workings of your system.

Click on File > Save As....

In the File Name field, copy and paste in CFScript.txt. Do not change the file name.

Click Save.

Referring to the picture below, drag CFScript into Combofix.

Image

Combofix will start running. When done, a log will be produced. Please post this log in your next reply.

In addition, it will prompt you to submit some files for analyzing.

Image

Click OK.

Copy and paste the file path into the text box next to the Browse button (boxed up in red).

Image

Click on Send File.

Do not mouse click on Combofix while it is running. That may cause it to stall.

In your next reply, please post:

  1. Combofix log (C:\Combofix.txt)
  2. A new HijackThis log
  3. The file name that AOL Antispyware complained of (if any)
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: very slow machine and slow internet speed

Post by ndmmxiaomayi » July 27th, 2008, 12:29 pm

Hello,

Before dragging CFScript into Combofix, please delete your current copy of Combofix.

Then download it from one of these links and save it to your desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Re: very slow machine and slow internet speed

Post by whitlog » July 27th, 2008, 1:03 pm

OK, here is the hijack log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:02:40, on 27/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Updater.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\AOL\1160729953\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\common files\aol\1160729953\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1160729953\ee\aolsoftware.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.aol.co.uk/web?isinit=true&query=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Message of the Day] C:\Program Files\UoL\MotD\MOTD2000.exe
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LXBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1160729953\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.co.uk/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - http://gfx1.mail.live.com/mail/w1/resou ... NPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - http://support.f-secure.com/ols/fscax.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 10346 bytes
whitlog
Regular Member
 
Posts: 36
Joined: March 24th, 2008, 5:10 pm

Re: very slow machine and slow internet speed

Post by whitlog » July 27th, 2008, 1:03 pm

the combofix log

ComboFix 08-07-27.1 - Admin 2008-07-27 17:48:41.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.633 [GMT 1:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Desktop\CFScript.txt..txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\fYK1CB2O.exe.a_a
C:\WINDOWS\system32\VFEa0EnX.exe.a_a
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At25.job
C:\WINDOWS\Tasks\At26.job
C:\WINDOWS\Tasks\At27.job
C:\WINDOWS\Tasks\At28.job
C:\WINDOWS\Tasks\At29.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At30.job
C:\WINDOWS\Tasks\At31.job
C:\WINDOWS\Tasks\At32.job
C:\WINDOWS\Tasks\At33.job
C:\WINDOWS\Tasks\At34.job
C:\WINDOWS\Tasks\At35.job
C:\WINDOWS\Tasks\At36.job
C:\WINDOWS\Tasks\At37.job
C:\WINDOWS\Tasks\At38.job
C:\WINDOWS\Tasks\At39.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At40.job
C:\WINDOWS\Tasks\At41.job
C:\WINDOWS\Tasks\At42.job
C:\WINDOWS\Tasks\At43.job
C:\WINDOWS\Tasks\At44.job
C:\WINDOWS\Tasks\At45.job
C:\WINDOWS\Tasks\At46.job
C:\WINDOWS\Tasks\At47.job
C:\WINDOWS\Tasks\At48.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
.

((((((((((((((((((((((((( Files Created from 2008-06-27 to 2008-07-27 )))))))))))))))))))))))))))))))
.

2008-07-27 14:52 . 2008-07-27 14:52 <DIR> d-------- C:\Deckard
2008-07-27 00:54 . 2008-07-27 00:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-07-26 22:48 . 2008-07-27 15:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-26 22:48 . 2008-07-26 22:48 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-26 21:42 . 2008-07-26 21:42 <DIR> d-------- C:\fsaua.data
2008-07-26 21:24 . 2008-07-27 14:58 <DIR> d-------- C:\Program Files\Vuze
2008-07-26 21:24 . 2008-07-26 21:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-07-26 21:24 . 2008-07-27 14:08 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Azureus
2008-07-25 11:22 . 2008-07-25 21:27 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-25 11:22 . 2008-07-25 21:27 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-25 11:22 . 2008-07-25 21:27 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-25 11:18 . 2008-07-25 21:21 <DIR> d-------- C:\WINDOWS\EHome
2008-07-25 11:13 . 2008-04-14 01:12 8,461,312 --a------ C:\WINDOWS\system32\SET207.tmp
2008-07-25 11:12 . 2008-04-14 01:11 2,843,136 --a------ C:\WINDOWS\system32\SET2DE.tmp
2008-07-24 18:17 . 2008-07-24 18:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-24 18:10 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-24 18:10 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-24 17:59 . 2008-07-24 17:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-24 13:47 . 2008-07-24 13:47 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\InstallShield
2008-07-24 13:46 . 2008-07-24 13:46 <DIR> d-------- C:\Program Files\XP Codec Pack
2008-07-24 13:46 . 2008-07-24 13:46 <DIR> d-------- C:\Program Files\Internet Cyclone
2008-07-24 13:46 . 2008-07-24 13:46 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-07-24 13:46 . 2008-07-24 13:46 <DIR> d-------- C:\Program Files\BinarySense
2008-07-24 13:16 . 2008-07-24 13:16 244 --ah----- C:\sqmnoopt15.sqm
2008-07-24 13:16 . 2008-07-24 13:16 232 --ah----- C:\sqmdata15.sqm
2008-07-24 09:25 . 2008-07-24 13:46 <DIR> d-------- C:\Program Files\Opera(2)
2008-07-24 09:25 . 2008-07-24 09:25 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Opera(2)
2008-07-24 09:18 . 2008-07-24 09:30 <DIR> d-------- C:\Kontiki
2008-07-24 09:04 . 2008-07-24 09:04 244 --ah----- C:\sqmnoopt14.sqm
2008-07-24 09:04 . 2008-07-24 09:04 232 --ah----- C:\sqmdata14.sqm
2008-07-23 23:03 . 2008-07-23 23:03 244 --ah----- C:\sqmnoopt13.sqm
2008-07-23 23:03 . 2008-07-23 23:03 232 --ah----- C:\sqmdata13.sqm
2008-07-23 21:09 . 2008-07-23 21:09 244 --ah----- C:\sqmnoopt12.sqm
2008-07-23 21:09 . 2008-07-23 21:09 232 --ah----- C:\sqmdata12.sqm
2008-07-23 19:14 . 2008-07-23 19:14 244 --ah----- C:\sqmnoopt11.sqm
2008-07-23 19:14 . 2008-07-23 19:14 232 --ah----- C:\sqmdata11.sqm
2008-07-23 19:04 . 2008-07-23 19:04 244 --ah----- C:\sqmnoopt10.sqm
2008-07-23 19:04 . 2008-07-23 19:04 232 --ah----- C:\sqmdata10.sqm
2008-07-23 18:36 . 2008-07-23 18:36 244 --ah----- C:\sqmnoopt09.sqm
2008-07-23 18:36 . 2008-07-23 18:36 232 --ah----- C:\sqmdata09.sqm
2008-07-13 14:54 . 2008-07-13 14:54 244 --ah----- C:\sqmnoopt08.sqm
2008-07-13 14:54 . 2008-07-13 14:54 232 --ah----- C:\sqmdata08.sqm
2008-07-12 21:47 . 2006-11-20 20:11 1,568,768 --a------ C:\WINDOWS\system32\imagx7.dll
2008-07-12 21:47 . 2006-11-20 20:10 476,320 --a------ C:\WINDOWS\system32\imagxpr7.dll
2008-07-10 12:30 . 2008-07-24 13:47 <DIR> d-------- C:\Program Files\The_Pirate_Bay
2008-07-09 16:44 . 2008-07-09 16:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-07-08 23:46 . 2008-07-24 17:41 <DIR> d-------- C:\Program Files\VSO
2008-07-08 23:46 . 2008-07-24 17:41 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Vso
2008-07-08 23:46 . 2008-07-08 23:46 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-07-08 23:46 . 2008-07-24 17:41 47,360 --a------ C:\Documents and Settings\Admin\Application Data\pcouffin.sys
2008-07-08 12:20 . 2008-07-27 14:57 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\uTorrent
2008-07-07 23:55 . 2008-07-26 22:34 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\LimeWire
2008-07-07 17:30 . 2008-07-07 17:30 <DIR> d-------- C:\Program Files\NETGEAR
2008-07-07 17:30 . 2004-04-18 16:43 651,264 --a------ C:\WINDOWS\system32\libeay32.dll
2008-07-07 17:30 . 2005-09-26 16:02 362,944 --a------ C:\WINDOWS\system32\drivers\WPN111.sys
2008-07-07 17:30 . 2005-07-27 21:15 149,392 --a------ C:\WINDOWS\system32\drivers\ar5523.bin
2008-07-07 17:30 . 2004-04-18 16:43 147,456 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-07-07 17:30 . 2003-07-24 12:10 94,208 --a------ C:\WINDOWS\system32\DNIN50.dll
2008-07-07 17:30 . 2008-07-07 17:30 17,801 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-07-07 17:30 . 2003-07-24 12:10 17,149 --a------ C:\WINDOWS\system32\DNINDIS5.sys
2008-07-03 23:33 . 2008-07-03 23:33 1,409 --a------ C:\WINDOWS\system32\tmpA9B92.FOT
2008-07-03 23:33 . 2008-07-03 23:33 1,409 --a------ C:\WINDOWS\system32\tmp3BC92.FOT
2008-07-03 23:33 . 2008-07-03 23:33 1,409 --a------ C:\WINDOWS\system32\tmp2EC92.FOT
2008-07-03 23:33 . 2008-07-03 23:33 1,409 --a------ C:\WINDOWS\system32\tmp10D92.FOT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 16:37 --------- d-----w C:\Documents and Settings\Admin\Application Data\OnlineArmor
2008-07-27 16:35 --------- d-----w C:\Program Files\VideoLAN
2008-07-27 14:29 --------- d-----w C:\Program Files\Common Files\aol
2008-07-27 14:26 --------- d-----w C:\Program Files\Google
2008-07-27 11:58 --------- d-----w C:\Documents and Settings\Admin\Application Data\dvdcss
2008-07-27 02:36 --------- d-----w C:\Program Files\RegScrubXP
2008-07-26 23:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-07-26 08:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-25 20:33 96,384 ----a-w C:\WINDOWS\system32\drivers\sptd2957.sys
2008-07-24 21:11 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-07-24 17:22 --------- d-----w C:\Program Files\SpywareBlaster
2008-07-24 17:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-24 16:44 --------- d-----w C:\Program Files\Kontiki
2008-07-24 16:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-24 16:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-24 16:20 --------- d-----w C:\Program Files\Java
2008-07-24 16:04 --------- d-----w C:\Program Files\Audible
2008-07-24 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-24 15:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-07-24 12:47 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-07-24 12:47 --------- d-----w C:\Program Files\Opera
2008-07-24 12:46 --------- d-----w C:\Program Files\Winamp
2008-07-24 12:46 --------- d-----w C:\Program Files\DivX
2008-07-24 08:49 --------- d-----w C:\Program Files\InterActual
2008-07-13 12:01 --------- d-----w C:\Documents and Settings\Admin\Application Data\Winamp
2008-07-12 22:41 65,536 ----a-w C:\WINDOWS\DUMPab63.tmp
2008-07-12 20:48 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-07 08:10 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-07-04 09:44 3,532 ----a-w C:\drmHeader.bin
2008-06-20 19:18 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 00:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-06-11 00:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\Vuze ----

2008-07-26 21:30 47 --a------ C:\Program Files\Vuze\plugins\azemp\mplayer\config


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 12:23 1032640]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-27 15:26 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-08 14:32 185784]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06 2027792]
"Message of the Day"="C:\Program Files\UoL\MotD\MOTD2000.exe" [2006-05-01 13:53 23552]
"iRiver Updater"="\Updater.exe" [2004-07-01 22:20 212992]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2008-02-01 00:13 385024]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2008-03-23 11:21 5519424]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"LXBUCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll" [2006-11-20 20:12 69632]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-08 23:00 128920]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 16:30 71008]
"HostManager"="C:\Program Files\Common Files\AOL\1160729953\ee\AOLSoftware.exe" [2006-09-26 01:52 50736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 01:12 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe [2008-07-07 17:30:04 884838]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-07-07 09:10 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
--a------ 2007-04-23 12:23 1032640 C:\Program Files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-07 00:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 01:12 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-14 01:12 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-10-22 13:22 7700480 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-06-08 14:32 185784 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"ServiceLayer"=3 (0x3)
"SatSrv"=2 (0x2)
"ose"=3 (0x3)
"NBService"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"lxbu_device"=3 (0x3)
"LVPrcSrv"=2 (0x2)
"LVCOMSer"=2 (0x2)
"KService"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=2 (0x2)
"GoogleDesktopManager"=3 (0x3)
"Diskeeper"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"AOL ACS"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"WLSetupSvc"=3 (0x3)
"SvcOnlineArmor"=2 (0x2)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"NinjaVideo Helper.exe"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"idsvc"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"lxbumon.exe"="C:\Program Files\Lexmark 6200 Series\lxbumon.exe"
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
"EzPrint"="C:\Program Files\Lexmark 6200 Series\ezprint.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"WinampAgent"=C:\Program Files\Winamp\winampa.exe
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
"iRiver Updater"=\Updater.exe
"SSS2007 PasswordManagerFFAutoFill"="C:\Program Files\Steganos Security Suite 2007\PasswordManagerFFAutoFill.exe"
"SSS2007 HotKeys"="C:\Program Files\Steganos Security Suite 2007\SteganosHotKeyService.exe"
"SSS2007 File Redirection Starter"="C:\Program Files\Steganos Security Suite 2007\fredirstarter.exe"
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\GIGABYTE\\@BIOS\\bios_run.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"C:\\Program Files\\Common Files\\aol\\1160729953\\ee\\aolsoftware.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh

R0 IFP300;iriver Internet Audio Player IFP-300;C:\WINDOWS\system32\DRIVERS\ifp300.sys [2004-03-29 18:28]
R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys [2007-06-29 00:09]
R1 OADevice;OADriver;C:\WINDOWS\system32\drivers\OADriver.sys [2008-03-23 11:21]
R1 OAmon;OAmon;C:\WINDOWS\system32\drivers\OAmon.sys [2008-03-23 11:21]
R1 OAnet;OAnet;C:\WINDOWS\system32\drivers\OAnet.sys [2008-03-23 11:21]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 12:10]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-09-26 16:02]
S2 SvcOnlineArmor;Online Armor;C:\Program Files\Tall Emu\Online Armor\oasrv.exe [2008-03-23 11:21]
S3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS []
S3 tapvpn;TAP VPN Adapter;C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 22:25]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 19:47]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
2008-07-25 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe []
2008-07-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
2008-07-27 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
2008-07-27 C:\WINDOWS\Tasks\User_Feed_Synchronization-{FAC759C1-0052-4326-9F19-25051AD22968}.job - C:\Program Files\Internet Explorer??Admin?"Updates out-of-date system feeds.??? []
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 17:49:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-27 17:51:16
ComboFix-quarantined-files.txt 2008-07-27 16:51:04
ComboFix2.txt 2008-07-27 16:44:02
ComboFix3.txt 2008-07-27 16:15:36
ComboFix4.txt 2008-07-27 15:15:17

Pre-Run: 87,671,160,832 bytes free
Post-Run: 87,658,766,336 bytes free

344 --- E O F --- 2008-07-26 08:35:51
whitlog
Regular Member
 
Posts: 36
Joined: March 24th, 2008, 5:10 pm

Re: very slow machine and slow internet speed

Post by whitlog » July 27th, 2008, 1:07 pm

file was successfully submitted

ok i went into the AOL spyware protection and i could not find any way of getting file info or the location etc

the bitfrost warning has popped up a couple more times via the aol spyware

in the AOL spyware programme are these blocked items:-

Bitfrost\backdoor\security
1-2-3 spayware free\Trojan\Security
Baigoo.a\Ad-ware\Nuisance
Party Poker\Tracking Cookie\Web Tracking

i also meant to mention that any website that requires java running, like youtube etc, always says i need the latest flash version etc but i already have it
whitlog
Regular Member
 
Posts: 36
Joined: March 24th, 2008, 5:10 pm

Re: very slow machine and slow internet speed

Post by ndmmxiaomayi » July 28th, 2008, 8:55 am

Hmm... without much data to work with, I can't really tell what's going on. Let's see if an online scan reveals anything.

  1. Please go to the Kaspersky website to perform an online scan. Please use Internet Explorer as it uses ActiveX.
  2. Click on Accept.
  3. It will prompt you to download an ActiveX. Allow it.
  4. After that, you will be prompted to install it.
  5. Once installed, it will start downloading the definitions. This will take some time. At the same time, you may also receive another prompt to install another ActiveX. Allow it again and repeat Step 2.
  6. When the definitions have finished downloading, click Next.
  7. Click on Scan Settings.
  8. Under Scan using the following antivirus database:, choose extended - protect your computer from Spyware, adware, dialers and potentially dangerous software such as remote access utilities, prank programs and jokes. We do not recommend this option to beginners or inexperienced users.
  9. Under Scan options:, check (tick) both boxes.
  10. Click Ok.
  11. Under Please select a target to scan:, click on My Computer. It will start scanning. Please be patient.
  12. Click on Save Report As....
  13. Give this report a name and change the Save as type: to Text file (*.txt) before clicking on Save.
  14. Please post this log in your next reply.
ndmmxiaomayi
MRU Emeritus
 
Posts: 9708
Joined: July 17th, 2006, 9:22 am