TechSpot

Computer acting very strange, suspect infection :(

By tm5rto
Aug 30, 2010
  1. Hello again, folks!

    Well, it's been a nice run for a while, but my PC is acting very strange all of a sudden again. The only thing I can think of is a recent installation of Skype, which my daughter uses. Dell XPS, Win XP Pro, AVG Free

    First, when I click on IE shortcut, it launches two separate IE windows simultaneously. When I click on the dropdown arrow, it will not launch until I click on it about three times. At the same time, sometimes when I select a shortcut from the dropdown screen, it jumps to two icons ahead.

    When I try to place a cursor on text, it doesn't respond. Of course, when I click on the space several times trying to place a cursor, it just highlights the word.

    And of course, the huge drop in performance overall. I don't know if the settings got messed up somehow, but I suspect some sort of virus maybe.

    I ran Malwarebytes, SuperAntiSpyware, HJT, AVG, and Advance System Care. None fixed the problem.

    Would someone have an idea what's causing this? I appreciate any help or advice!
     

    Attached Files:

  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    We can't 'screen' for malware using HijackThis.

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, paste the logs into your next reply. Can split over posts if needed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  3. tm5rto

    tm5rto TS Enthusiast Topic Starter Posts: 114

    I'm stuck dealing with GMER. I spent the day trying to get it working. Twice it caused the blue screen, once it just re-started the computer on its own, and several times it just stopped without giving me a chance to save the log. A bunch of times it just says "The Scan stopped." I fooled it by launching the scan on both of my drives, but again it terminated without letting me save the log.

    Oh, and it completely froze the machine several times. AVG was turned off, as was the firewall.

    My machine is down to a crawl, something is seriously ailing it. Can this be done without GMER?
     
  4. tm5rto

    tm5rto TS Enthusiast Topic Starter Posts: 114

    Meanwhile, here is the Malwarebytes log
     

    Attached Files:

  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Did you run DDS? We can look at possible reasons for slow computer- it doesn't have to be from malware. One of the DDS logs will show recent System Events which may explain freeze.

    You've had several problems in the past few months- don't know if they were fully resolved with exception of the thread I helped you with:
    GOYINORO virus took over, please help

    4/12/2010
    Host files were hijacked,
    Problem was resolved 4/18
    I fussed at you for Morpheus and uTorrent. You said you removed, system was fine, thread was closed 4/21.
    Steps were given to keep system clean and secure. This was not acknowledged.

    I remember you had Vista: how much RAM do you have installed? Open the Task Manager and look to lower left> how many processes are running?
     
  6. tm5rto

    tm5rto TS Enthusiast Topic Starter Posts: 114

    35 processes running, three users on this machine. I am running 3 gig of RAM, the OS is Win XP Pro, SP 3, Pentium 4, 3.4 GHz
    You did a fantastic job getting rid of nasties from our machine a few months back. But now there is something else. I don't know where it's coming from. My daughter visits cartoon and games sites, are those dangerous?
     

    Attached Files:

  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    1. 35 processes is good.
    2. 3 GB RAM should carry all those games.
    3. You have filters set up for family safety.
    4. The games and cartoons themselves usually are okay- but the sites they come from can bundle adware.
    5. I would recommend you uninstall Advance System Care. Neither the site it comes from nor the program itself is good to have.
    6. So far the logs are clean. But they aren't complete.
    I haven't seen this before:
    DDS:
    R? fsssvc;Windows Live Family Safety Service
    R? gupdate;Google Update Service (gupdate)
    R? SASENUM;SASENUM
    S? avg9wd;AVG Free WatchDog
    S? AvgLdx86;AVG Free AVI Loader Driver x86
    S? AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86
    S? AvgTdiX;AVG Free Network Redirector
    S? fssfltr;fssfltr
    S? MMIndexer;Media Manager Indexer
    S? SASDIFSV;SASDIFSV
    S? SASKUTIL;SASKUTIL
    S? sfsync03;StarForce Protection Synchronization Driver (version 3.x)


    All drivers and Services have a ? mark- no status showing.

    And for the Attach.txt log: you have this:
    But you should have this:
    And following the Running Processes, there should be this:
    The program puts all this in automatically- where is it?

    Please check the status of the Services first. Right now, I see a system problem, not malware.
     
  8. tm5rto

    tm5rto TS Enthusiast Topic Starter Posts: 114

    Alright, so something messed up all of these settings? Could it have been Advance System Care?
    Any way to fix this? Or do I have to go somewhere else for that?
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Are these actually missing from the logs- or did they get left out? I can't determine if it's due to ASC, but that program and site are very low rated.

    Might be a good idea to run DDS again and see how those logs come out. I would appreciate it if you would paste them instead of attach- split over a couple of posts if needed. We need to determine if those sections are actually not functioning or if the logs didn't generate correctly.

    IF you have a problem putting new logs out, let me know. I might have to remove the current 2 DDS logs to get new ones pasted in.
     
  10. tm5rto

    tm5rto TS Enthusiast Topic Starter Posts: 114

    I appreciate your hanging in on this issue! I'll run it again. Any particular script blocking programs I should turn off? Maybe that's why I got this error.
     
  11. tm5rto

    tm5rto TS Enthusiast Topic Starter Posts: 114

    I ran DDS again, same result. I got an error message towards the end of the scan: <Can't find script engine "VBSCRIPT" for script "C:\Documents and settings\Pyotr\Local settings\temp\MSGB.PIF">


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Pyotr at 0:02:15.34 on Wed 09/01/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

    ============== Running Processes ===============

    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\windows\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\windows\System32\snmp.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    C:\windows\system32\SearchIndexer.exe
    C:\windows\System32\alg.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\windows\system32\ctfmon.exe
    C:\windows\system32\wuauclt.exe
    C:\Documents and Settings\Pyotr\Desktop\dds.scr
    C:\windows\System32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\System32\svchost.exe -k HTTPFilter
    C:\windows\system32\svchost.exe -k imgsvc

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.excite.com/
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    IE: Send Image to Photo Library - file://c:\program files\mgi\mgi photosuite ii\temp\MGI00000.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/da/PCPitStop.CAB
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
    DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab
    DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\pyotr\applic~1\mozilla\firefox\profiles\sa12336g.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.excite.com/
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - fales
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0

    ============= SERVICES / DRIVERS ===============

    R? fsssvc;Windows Live Family Safety Service
    R? gupdate;Google Update Service (gupdate)
    R? SASENUM;SASENUM
    S? avg9wd;AVG Free WatchDog
    S? AvgLdx86;AVG Free AVI Loader Driver x86
    S? AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86
    S? AvgTdiX;AVG Free Network Redirector
    S? fssfltr;fssfltr
    S? MMIndexer;Media Manager Indexer
    S? SASDIFSV;SASDIFSV
    S? SASKUTIL;SASKUTIL
    S? sfsync03;StarForce Protection Synchronization Driver (version 3.x)

    =============== Created Last 30 ================

    2010-09-01 00:29:30 54156 ---ha-w- c:\windows\QTFont.qfn
    2010-09-01 00:29:30 1409 ----a-w- c:\windows\QTFont.for
    2010-08-31 19:20:15 9216 ----a-w- c:\windows\system32\escdev.dll
    2010-08-31 19:20:11 65793 ----a-w- c:\windows\system32\esfw54.bin
    2010-08-31 19:20:11 63488 ----a-w- c:\windows\system32\eswia54.dll
    2010-08-31 19:20:11 3584 ----a-w- c:\windows\system32\eswiaml.dll
    2010-08-31 19:20:11 172032 ----a-w- c:\windows\system32\esint54.dll
    2010-08-31 19:19:40 0 d-----w- C:\EPSON
    2010-08-30 01:23:28 0 d-----w- C:\Copy of My Music
    2010-08-29 15:27:37 0 d-----w- c:\program files\ESET
    2010-08-27 06:38:35 0 d-----w- c:\windows\system32\wbem\Repository
    2010-08-11 16:11:58 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
    2010-08-11 16:09:11 0 d-----w- c:\program files\Windows Live SkyDrive
    2010-08-05 19:01:03 0 d-----w- c:\program files\i2k Quickage
    2010-08-03 16:25:47 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2010-08-03 16:25:46 159232 ----a-w- c:\windows\system32\ptpusd.dll

    ==================== Find3M ====================

    2010-07-18 12:23:37 87608 ----a-w- c:\docume~1\pyotr\applic~1\inst.exe
    2010-07-18 12:23:37 47360 ----a-w- c:\docume~1\pyotr\applic~1\pcouffin.sys
    2010-07-18 12:15:31 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2010-07-16 13:16:43 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-16 13:16:42 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-16 13:16:09 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2006-08-29 16:48:10 1438 ----a-w- c:\program files\FAMILY.CRD
    2006-08-23 17:54:07 14897 ----a-w- c:\program files\USBP.CRD
    2006-06-27 19:19:09 6658 ----a-w- c:\program files\HOME.CRD
    2006-05-07 03:00:17 17077 ----a-w- c:\program files\PHONES.CRD
    2005-06-08 00:17:48 7052088 ----a-w- c:\program files\Photoshop_albumSE_en_us_300.exe
    2003-09-08 19:13:28 1045 ----a-w- c:\program files\B-DAYS.CRD
    2002-07-27 01:02:06 153088 ----a-w- c:\program files\UNWISE.EXE
    2002-01-17 22:38:32 1508 ----a-w- c:\program files\CONTACTS.CRD
    1993-11-01 08:11:00 93184 ----a-w- c:\program files\CARDFILE.EXE
    2007-07-27 15:32:04 8 --sh--r- c:\windows\system32\6617DEA441.sys
    2007-08-05 06:46:48 8762 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2009-02-01 17:06:22 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020120090202\index.dat

    ============= FINISH: 0:02:32.21 ===============
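Bobbye's point in post 7 (every entry under SERVICES / DRIVERS shows a "?" instead of a status digit) and the same section in the DDS log above lend themselves to a small triage script. The following Python is an added example for this thread; it is not part of DDS, not from either poster, and the sample log it runs on is constructed in the page's DDS format rather than copied from the real one. It splits a DDS log into its "==== Title ====" sections, parses the service/driver lines and the two file listings, and reports which services DDS could not read a start type for and which non-directory files carry both hidden and system attributes. The reading of the service lines (leading letter R/S = running/stopped, digit 0-4 = boot/system/auto/manual/disabled start type, "?" = DDS could not determine it) is my understanding of the DDS convention and is not stated anywhere on the page. Hidden+system attributes are also used by legitimate licensing and DRM files, so a flagged path is a prompt to look at the file, not a verdict.

```python
import re
from dataclasses import dataclass

# Assumption (my reading of the DDS convention, not stated on the page):
# leading letter = current state, digit = start type, '?' = not determinable.
STATES = {"R": "running", "S": "stopped"}
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

SERVICE_RE = re.compile(r"^([RS])([0-4?])\s+([^;]+);(.*)$")
# date time size attrs path, e.g. "2007-07-27 15:32:04 8 --sh--r- c:\windows\x.sys"
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2})\s+(\d+)\s+([-a-z]{8})\s+(.+)$")
HEADER_RE = re.compile(r"^=+\s*(.*?)\s*=+$")


@dataclass
class Service:
    state: str
    start_type: str          # "unknown" when DDS printed '?'
    name: str
    description: str


@dataclass
class FileEntry:
    date: str
    time: str
    size: int
    attrs: str               # DDS attribute string, e.g. "--sh--r-"
    path: str

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs

    @property
    def directory(self) -> bool:
        return self.attrs.startswith("d")


def split_sections(text: str) -> dict:
    """Group non-blank lines under the '==== Title ====' header that precedes them."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m and m.group(1):
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def parse_services(lines):
    out = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if m:
            state, digit, name, desc = m.groups()
            out.append(Service(STATES[state], START_TYPES.get(digit, "unknown"), name, desc))
    return out


def parse_files(lines):
    out = []
    for line in lines:
        m = FILE_RE.match(line)
        if m:
            date, time, size, attrs, path = m.groups()
            out.append(FileEntry(date, time, int(size), attrs, path))
    return out


def triage(text: str) -> dict:
    sections = split_sections(text)
    services = parse_services(sections.get("SERVICES / DRIVERS", []))
    files = []
    for title in ("Created Last 30", "Find3M"):
        files += parse_files(sections.get(title, []))
    return {
        "services_total": len(services),
        "services_unknown_start": [s.name for s in services if s.start_type == "unknown"],
        # hidden+system is also used by legitimate licensing/DRM files: a prompt to look, not a verdict
        "hidden_system_files": [f.path for f in files if f.hidden and f.system and not f.directory],
    }


# Constructed sample in the page's DDS format (not the poster's real log).
SAMPLE_DDS = r"""
DDS (Ver_10-03-17.01) - NTFSx86
Run by someone at 0:02:15.34 on Wed 09/01/2010

============= SERVICES / DRIVERS ===============

R2 avg9wd;AVG Free WatchDog
R? fsssvc;Windows Live Family Safety Service
S? SASDIFSV;SASDIFSV
S3 MMIndexer;Media Manager Indexer

=============== Created Last 30 ================

2010-09-01 00:29:30 54156 ---ha-w- c:\windows\QTFont.qfn
2010-08-31 19:19:40 0 d-----w- C:\EPSON

==================== Find3M ====================

2007-07-27 15:32:04 8 --sh--r- c:\windows\system32\6617DEA441.sys
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll

============= FINISH: 0:02:32.21 ===============
"""

if __name__ == "__main__":
    result = triage(SAMPLE_DDS)
    print(f"{result['services_total']} services/drivers parsed")
    print("start type unknown:", ", ".join(result["services_unknown_start"]) or "none")
    print("hidden+system files:", ", ".join(result["hidden_system_files"]) or "none")
```

Run it against a saved DDS.txt by passing the file contents to `triage()`. On a healthy log the `services_unknown_start` list is empty; a log where every entry comes back "unknown", as in this thread, points at the scanner failing to query the machine rather than at any individual service.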
     
  12. tm5rto

    tm5rto TS Enthusiast Topic Starter Posts: 114

    Here is the Attach file


    ==== Installed Programs ======================

    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.3.4
    Advanced GIF Animator 3.0
    AGEIA PhysX v7.11.13
    ArcSoft PhotoStudio 5.5
    Ashampoo Burning Studio 6 FREE
    AusLogics Registry Defrag
    Avery Wizard 3.1
    AVG Free 9.0
    Battlefield: Bad Company™ 2
    Belarc Advisor 7.2
    Call of Duty - United Offensive
    Call of Duty(R) - World at War(TM) 1.1 Patch
    Call of Duty(R) - World at War(TM) 1.2 Patch
    Call of Duty(R) - World at War(TM) 1.3 Patch
    Call of Duty(R) 2 Patch 1.3
    Call of Duty(R) 4 - Modern Warfare(TM)
    Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
    Canon MP Navigator 3.0
    Canon MP160
    Canon MP160 User Registration
    Canon My Printer
    Canon PhotoRecord
    Canon Utilities PhotoStitch 3.1
    CCleaner (remove only)
    Corel Snapfire DVD Maker
    Corel Snapfire Plus
    Creative AudioHQ
    Creative MediaSource
    Critical Update for Windows Media Player 11 (KB959772)
    Crysis WARHEAD(R)
    Dawn Of War - Winter Assault
    Dell Driver Reset Tool
    Dell ResourceCD
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Plus Web Player
    DVD Decrypter (Remove Only)
    DVD43 v4.4.0
    EA Download Manager
    Easy CD & DVD Creator 6
    EPSON Perf 4490P Guide
    EPSON Scan
    EPSON Scan Assistant
    ESET Online Scanner v3
    Fancy DVD Copy V3.2.0
    Fantastic Ocean 3D Screensaver v1.4
    Far Cry (Patch 1.4)
    Far Cry 2
    FEAR
    FEAR Extraction Point
    FEAR Perseus Mandate
    FEAR Perseus Mandate Demo
    FooPets Desktop
    Game Booster
    GameSpy Arcade
    Ghost Recon Advanced Warfighter
    Google Chrome
    Google Update Helper
    GRAW Patch 1.35
    HijackThis 2.0.2
    Hotfix 2050 for SQL Server 2000 ENU (KB948110)
    Hotfix 2055 for SQL Server 2000 ENU (KB960082)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Hoyle Board Games 2005
    Hoyle Card Games 2005
    Intel Application Accelerator
    Intel(R) 537EP V9x DF PCI Modem
    InterActual Player
    Internet Explorer (Enable DEP)
    IrfanView (remove only)
    iTunes
    IZArc 3.81
    Java Auto Updater
    Java(TM) 6 Update 20
    JumpStart World Presents Pet Playground
    Junk Mail filter update
    Key Advantage Typing
    Lexar Backup n Sync
    Magic Notes V3.5
    Malwarebytes' Anti-Malware
    Medal of Honor Pacific Assault(tm)
    MGI PhotoSuite II SE (Remove Only)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Media Manager 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Office XP Media Content
    Microsoft Outlook Hotmail Connector 32-bit
    Microsoft Picture It! 2.0
    Microsoft Picture It! Library 10
    Microsoft Picture It! Premium 10
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server Desktop Engine (PINNACLESYS)
    Microsoft Streets and Trips 2004
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works 4.5
    Microsoft Works Setup Launcher
    Microsoft XML Parser
    Mozilla Firefox (3.0.10)
    MSN Music Assistant
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    neroxml
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    OGA Notifier 2.0.0048.0
    OLYMPUS CAMEDIA Master 2.0
    OpenAL
    overland
    Painkiller
    Painkiller Resurrection Demo
    Paint.NET v3.36
    Pet Vet 3D Animal Hospital
    Pinnacle Instant DVD Recorder
    Pinnacle MediaServer
    Pinnacle PCI Performance Enhancer
    Power DVD Rip Studio v1.1.7.66
    PowerDVD 5.3
    Presto! BizCard 4.1 Eng
    PrimoPDF -- by Nitro PDF Software
    proDAD Heroglyph 2.5
    QuickTime
    Registry Repair 2.4
    Revo Uninstaller 1.87
    RussianNow!
    S.T.A.L.K.E.R. - Shadow of Chernobyl
    ScanSoft OmniPage SE 4.0
    Scooby-Doo(TM), Case File #1 The Glowing Bug Man
    Security Update for 2007 Microsoft Office System (KB2277947)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for 2007 Microsoft Office System (KB982331)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB982308)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB980376)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2251419)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Segoe UI
    Skype™ Beta 4.0
    Smart Defrag 1.20
    SmartSound Quicktracks Plugin
    Sonic DLA
    Sonic MyDVD
    Sonic RecordNow!
    Sonic Update Manager
    Sound Blaster Audigy 2 ZS
    Studio 10 Bonus DVD
    Studio 10.8 Patch
    SUPERAntiSpyware Free Edition
    SureThing CD Labeler - Stomper Edition 32 bit
    System Requirements Lab
    Tom Clancy's Ghost Recon Advanced Warfighter® 2
    Tom Clancy's Rainbow Six Vegas 2
    Try Corel Snapfire muvee autoProducer add on
    ubi.com
    Ultimate Mahjongg 15
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Outlook 2007 Junk Email Filter (kb2279264)
    Update for Windows Internet Explorer 8 (KB971930)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.4053
    VCRedistSetup
    Ventrilo Client
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    WebFldrs XP
    WinAce Archiver
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows PowerShell(TM) 1.0
    Windows Search 4.0
    Windows XP Service Pack 3
    WinZip
    Wolfenstein
    WONswap
    XviD & MP3 Codec Pack (remove only)
    XviD MPEG-4 Video Codec
    YouTube Downloader 2.5.6

    ==== End Of File ===========================
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, we need to check to see if the system actually has the missing sections. You have an enormous number of installed programs. Since the information didn't print out in the log, I can't tell about the used/free space on the hard drive:

    Click on the Control Panel> Administrative Tools> Do you have these sections:

    • Component Services
    • Computer Management
    • Data Sources (ODBC)
    • Event Viewer
    • Performance
    • Services

    Click on the + sign in Computer Management. Does the tree on the left have the following 3 sections:

    • System Tools
    • Storage
    • Services and applications

    Click on the + sign in System Tools. Does the tree on the left have the following 3 sections:

    • Event viewer
    • Shared Folders
    • Performance logs and alerts.

    Click on the + sign in Services and applications. Does the tree have the following:
    • Services
    • WMI Control
    • Indexing Service.

    Using Windows Explorer: Windows key + E:
    Click on My Computer> Double click on Local Drive (C)> give me the numbers in GB for:

    • Used
    • Free
    • Capacity

    Are you missing any of these sections? Are any of the sections blank with no content?
     
  14. tm5rto

    tm5rto TS Enthusiast Topic Starter Posts: 114

    Click on the Control Panel> Administrative Tools> Do you have these sections:

    yes Component Services
    yes Computer Management
    yes Data Sources (ODBC)
    yes Event Viewer
    yes Performance
    yes Services
    Click on the + sign in Computer Management. Does the tree on the left have the following 3 sections:

    yes System Tools
    yes Storage
    yes Services and applications

    Click on the + sign in System Tools. Does the tree on the left have the following 3 sections:

    yes Event viewer
    yes Shared Folders
    yes Performance logs and alerts.
    And others: Local Users and Groups; Device Manager

    Click on the + sign in Services and applications. Does the tree have the following:
    yes Services
    yes WMI Control
    yes Indexing Service.

    Using Windows Explorer: Windows key + E:
    Click on My Computer> Double click on Local Drive (C)> give me the numbers in GB for:

    • Used -132
    • Free – 16.3
    • Capacity - 149

    Are you missing any of these sections? NO
    Are any of the sections blank with no content? NO

    We do have a lot of programs installed; there are three users right now, and there were four before our son went off to higher education recently. I uninstalled some games, and probably need to clean out some of the utilities.
     
  15. tm5rto

    tm5rto TS Enthusiast Topic Starter Posts: 114

    This is very frustrating! Even such simple, mundane tasks as highlighting a section of text, or placing a cursor, are a frustrating chore with whatever it is that's going on!
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You've only got 12% of the hard drive free, not surprising with all that's installed. You are asking a lot of that system. Try to run this program; it will give me another view of the drivers and Services:

    Please download ComboFix from Here and save to your Desktop.

    1. Do NOT rename ComboFix unless instructed.
    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    3. Close any open browsers.
    4. Double click combofix.exe and follow the prompts to run.
    NOTE: ComboFix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    5. If ComboFix asks you to install Recovery Console, please allow it.
    6. If ComboFix asks you to update the program, always allow.
    Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    7. A report will be generated after the scan. Please post the C:\ComboFix.txt in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs when you're done with ComboFix.

    I'm asking someone about the ? marks in Services and drivers.
     
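    ComboFix lays out its autostart findings in a fixed text shape: Run-key values as "name"="path" [date size], and services or drivers as R0/R1/S2 lines of name;description;path [stamp]. What a responder does with that report is look for binaries launching from places a user (or a drive-by download running as that user) can write to, for bare file names that get resolved through the search path, and for system binary names living outside system32. The script below is an added example, written for this page rather than taken from the thread or from ComboFix, that does that first-pass triage over a constructed sample in the same layout. The Updater, svchost, nwiz and netsvc entries in the sample are hypothetical, as are the directory heuristics in classify(); the vendor paths are the ordinary sort of entry such reports contain.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the layout of a ComboFix report. The "Updater",
# "svchost", "nwiz" and "netsvc" entries are hypothetical; they are here to
# exercise the heuristics below and are not taken from the thread's log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
"Updater"="c:\documents and settings\Pyotr\Application Data\inst.exe" [2010-08-30 12288]
"svchost"="c:\windows\temp\svchost.exe" [2010-08-30 40960]
"nwiz"="nwiz.exe" [2006-10-22 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [12/6/2005 11:11 AM 35328]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/9/2010 6:10 PM 216400]
S2 netsvc;Network Helper;c:\documents and settings\All Users\Application Data\netsvc.sys [8/29/2010 3:12 AM 9216]
"""

# Run-key value:  "name"="path" [date size]   (the [..] part is optional)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?:\s+\[(?P<stamp>[^\]]+)\])?\s*$')
# Service/driver:  R0 name;description;path [stamp]   (R=running, S=stopped, digit=start type)
SVC_RE = re.compile(r'^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);'
                    r'(?P<path>.+?)\s+\[(?P<stamp>[^\]]+)\]\s*$')

# Heuristics (assumptions for this example, tuned to an XP layout): locations
# an ordinary user can write to, and names that malware likes to borrow.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\",
                 "\\local settings\\", "\\temp\\")
SYSTEM_DIR = "c:\\windows\\system32\\"
MASQUERADE_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe",
                    "winlogon.exe", "services.exe", "explorer.exe"}


def parse_autoruns(text: str) -> List[Dict[str, str]]:
    """Pull Run-key values and service/driver lines out of a ComboFix report."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append({"kind": "run", "name": m.group("name"),
                            "path": m.group("path"), "stamp": m.group("stamp") or ""})
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append({"kind": "service", "name": m.group("name"),
                            "path": m.group("path"), "stamp": m.group("stamp")})
    return entries


def classify(path: str) -> List[str]:
    """Return the reasons an autostart binary deserves a closer look (empty = nothing odd)."""
    p = path.lower().strip()
    reasons = []
    if "\\" not in p:
        reasons.append("no directory: resolved via search path")
    if any(marker in p for marker in USER_WRITABLE):
        reasons.append("binary in user-writable location")
    base = p.rsplit("\\", 1)[-1]
    if base in MASQUERADE_NAMES and not p.startswith(SYSTEM_DIR):
        reasons.append("system binary name outside system32")
    return reasons


def triage(text: str) -> List[Tuple[str, str, List[str]]]:
    """Only the entries with at least one reason, as (name, path, reasons)."""
    flagged = []
    for entry in parse_autoruns(text):
        reasons = classify(entry["path"])
        if reasons:
            flagged.append((entry["name"], entry["path"], reasons))
    return flagged


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"{name:20} {path}")
        for r in reasons:
            print(f"{'':20} - {r}")
```

    The output is a worklist, not a verdict: legitimate software does sometimes run from Application Data (this thread's own log shows SUPERAntiSpyware DLLs there), so each flagged path still needs its file date, size and origin checked before anything is removed.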
  17. tm5rto

    tm5rto TS Enthusiast Topic Starter Posts: 114

    The problem with the computer started just recently, about a week ago. The C:\ drive has been packed for a while, and lots of the programs listed are probably on my second drive, J:\. Everything was working and running just fantastic since you helped me before, until just recently. I was suspecting that my daughter went on a wrong website and picked up something nasty.


    ComboFix 10-09-01.02 - Pyotr 09/01/2010 20:30:06.7.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2351 [GMT -4:00]
    Running from: c:\documents and settings\Pyotr\Desktop\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\pswi_preloaded.exe
    c:\documents and settings\Pyotr\Application Data\inst.exe
    c:\program files\UNWISE.EXE
    C:\Thumbs.db
    J:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-08-02 to 2010-09-02 )))))))))))))))))))))))))))))))
    .

    2010-09-01 07:00 . 2010-09-01 07:00 -------- d-----w- c:\windows\LastGood
    2010-08-31 19:20 . 2006-08-24 21:00 9216 ----a-w- c:\windows\system32\escdev.dll
    2010-08-31 19:20 . 2006-10-13 04:00 65793 ----a-w- c:\windows\system32\esfw54.bin
    2010-08-31 19:20 . 2006-10-13 04:00 63488 ----a-w- c:\windows\system32\eswia54.dll
    2010-08-31 19:20 . 2006-05-23 04:00 172032 ----a-w- c:\windows\system32\esint54.dll
    2010-08-31 19:20 . 2006-03-10 04:00 3584 ----a-w- c:\windows\system32\eswiaml.dll
    2010-08-31 19:19 . 2010-08-31 19:19 -------- d-----w- C:\EPSON
    2010-08-30 01:23 . 2010-08-30 01:23 -------- d-----w- C:\Copy of My Music
    2010-08-29 15:27 . 2010-08-29 15:27 -------- d-----w- c:\program files\ESET
    2010-08-27 06:38 . 2010-08-27 06:38 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-08-11 16:11 . 2010-04-28 11:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
    2010-08-11 16:11 . 2010-08-11 16:11 -------- d-----w- c:\program files\Microsoft Sync Framework
    2010-08-11 16:09 . 2010-08-11 16:09 -------- d-----w- c:\program files\Windows Live SkyDrive
    2010-08-05 19:01 . 2010-08-05 19:01 -------- d-----w- c:\program files\i2k Quickage
    2010-08-03 16:25 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2010-08-03 16:25 . 2008-04-13 21:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2010-08-03 15:15 . 2010-08-03 15:15 -------- d-----w- c:\documents and settings\Olga\Local Settings\Application Data\Skype
    2010-08-03 03:44 . 2010-08-30 12:03 -------- d-----w- c:\documents and settings\Olga\Application Data\skypePM
    2010-08-03 03:37 . 2010-08-30 15:33 -------- d-----w- c:\documents and settings\Olga\Application Data\Skype

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-01 19:42 . 2009-04-05 18:52 -------- d-----w- c:\program files\Ashampoo
    2010-09-01 00:44 . 2006-08-12 05:16 -------- d-----w- c:\program files\Activision
    2010-09-01 00:44 . 2006-07-28 03:09 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-09-01 00:41 . 2006-11-13 20:31 -------- d-----w- c:\program files\Electronic Arts
    2010-09-01 00:25 . 2009-02-08 17:10 -------- d-----w- c:\program files\IObit
    2010-08-31 23:51 . 2007-02-17 06:25 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
    2010-08-31 23:51 . 2007-02-17 06:25 384 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
    2010-08-31 19:20 . 2008-04-30 22:52 -------- d-----w- c:\program files\epson
    2010-08-31 12:24 . 2009-01-04 19:52 -------- d-----w- c:\program files\VideoLAN
    2010-08-28 15:17 . 2007-11-19 23:38 -------- d-----w- c:\documents and settings\Pyotr\Application Data\GlarySoft
    2010-08-27 06:37 . 2008-04-22 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-08-25 02:38 . 2008-05-02 22:00 -------- d-----w- c:\documents and settings\Pyotr\Application Data\Skype
    2010-08-24 20:27 . 2009-11-16 15:38 -------- d-----w- c:\documents and settings\Pyotr\Application Data\skypePM
    2010-08-19 03:01 . 2010-04-12 13:11 117760 ----a-w- c:\documents and settings\Pyotr\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-08-18 09:02 . 2009-08-05 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-08-12 07:25 . 2008-04-22 20:09 -------- d-----w- c:\documents and settings\Sasha\Application Data\Skype
    2010-08-12 04:02 . 2008-04-22 20:12 -------- d-----w- c:\documents and settings\Sasha\Application Data\skypePM
    2010-08-12 02:23 . 2007-05-06 22:27 141240 ----a-w- c:\documents and settings\Olga\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-08-11 16:11 . 2008-05-17 16:48 -------- d-----w- c:\program files\Windows Live
    2010-08-11 16:09 . 2009-03-01 17:42 -------- d-----w- c:\program files\Microsoft
    2010-08-11 16:03 . 2006-08-08 17:35 141240 ----a-w- c:\documents and settings\Sasha\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-08-05 19:01 . 2010-07-18 12:24 -------- d-----w- c:\documents and settings\Pyotr\Application Data\i2k Quickage
    2010-08-02 18:57 . 2010-08-02 18:57 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
    2010-08-02 18:57 . 2010-08-02 18:57 1373536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
    2010-08-02 18:57 . 2010-08-02 18:57 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
    2010-08-02 18:57 . 2010-08-02 18:57 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    2010-07-18 12:23 . 2010-07-18 12:15 -------- d-----w- c:\program files\QR Photo DVD Slideshow
    2010-07-18 12:23 . 2009-01-04 19:20 47360 ----a-w- c:\documents and settings\Pyotr\Application Data\pcouffin.sys
    2010-07-18 12:23 . 2009-01-04 19:20 47360 ----a-w- c:\documents and settings\Pyotr\Application Data\pcouffin.sys
    2010-07-18 12:23 . 2009-01-04 19:20 -------- d-----w- c:\documents and settings\Pyotr\Application Data\Vso
    2010-07-18 12:16 . 2006-07-31 16:28 141240 ----a-w- c:\documents and settings\Pyotr\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-07-18 12:15 . 2009-01-04 19:20 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2010-07-16 13:16 . 2010-05-09 22:10 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-16 13:16 . 2010-07-16 13:16 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-16 13:16 . 2010-05-09 22:10 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-16 11:40 . 2010-07-16 11:38 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-07-16 11:38 . 2010-07-16 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
    2010-07-14 13:37 . 2009-04-04 03:50 -------- d-----w- c:\program files\MSBuild
    2010-07-14 13:36 . 2010-07-14 13:36 -------- d-----w- c:\program files\Microsoft.NET
    2010-07-14 13:20 . 2008-05-17 16:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-07-07 06:05 . 2010-04-14 16:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-06-30 12:31 . 2004-08-12 13:27 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22 . 2004-08-12 13:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44 . 2004-08-12 13:33 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2004-08-12 13:30 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2004-08-12 13:19 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2006-07-28 02:56 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:41 . 2004-08-12 13:23 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2006-08-29 16:48 . 2006-08-29 16:51 1438 ----a-w- c:\program files\FAMILY.CRD
    2006-08-23 17:54 . 2006-08-29 16:50 14897 ----a-w- c:\program files\USBP.CRD
    2006-06-27 19:19 . 2006-08-29 16:49 6658 ----a-w- c:\program files\HOME.CRD
    2006-05-07 03:00 . 2006-08-29 16:49 17077 ----a-w- c:\program files\PHONES.CRD
    2005-06-08 00:17 . 2006-07-28 08:03 7052088 ----a-w- c:\program files\Photoshop_albumSE_en_us_300.exe
    2003-09-08 19:13 . 2006-08-29 16:50 1045 ----a-w- c:\program files\B-DAYS.CRD
    2002-01-17 22:38 . 2006-08-29 16:51 1508 ----a-w- c:\program files\CONTACTS.CRD
    1993-11-01 08:11 . 2006-08-29 16:49 93184 ----a-w- c:\program files\CARDFILE.EXE
    2007-07-27 15:32 . 2007-07-27 15:32 8 --sh--r- c:\windows\system32\6617DEA441.sys
    2007-08-05 06:46 . 2007-07-27 15:32 8762 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-07-16 13:16 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /p \??\C\0autocheck autochk *

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Pyotr^Start Menu^Programs^Startup^Introducing Media Manager.lnk]
    backup=c:\windows\pss\Introducing Media Manager.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Pyotr^Start Menu^Programs^Startup^Registration Ghost Recon Advanced Warfighter® 2.LNK]
    path=c:\documents and settings\Pyotr\Start Menu\Programs\Startup\Registration Ghost Recon Advanced Warfighter® 2.LNK
    backup=c:\windows\pss\Registration Ghost Recon Advanced Warfighter® 2.LNKStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2006-10-17 01:40 1197648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2004-08-23 22:19 57344 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2004-06-29 15:23 135168 ----a-w- c:\program files\Intel\Intel Application Accelerator\IAAnotif.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2008-03-30 16:36 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    2006-10-11 18:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2008-03-29 05:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
    2003-01-09 13:21 253952 ----a-w- c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    2003-01-13 14:19 757760 ----a-w- c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
    2003-01-13 18:05 69632 ----a-w- c:\program files\Common Files\Roxio Shared\System\EngUtil.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    2006-09-28 19:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    2004-01-07 05:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 08:00 90112 ------w- c:\windows\Updreg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
    2007-02-20 08:07 199752 ----a-w- c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Viewpoint Manager Service"=2 (0x2)
    "SQLAgent$PINNACLESYS"=3 (0x3)
    "ProtexisLicensing"=2 (0x2)
    "PnkBstrB"=3 (0x3)
    "PnkBstrA"=2 (0x2)
    "PinnacleSys.MediaServer"=2 (0x2)
    "MSSQLServerADHelper"=3 (0x3)
    "MSSQL$PINNACLESYS"=2 (0x2)
    "MDM"=2 (0x2)
    "iPodService"=3 (0x3)
    "IDriverT"=3 (0x3)
    "IAANTMon"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
    "c:\\Program Files\\NovaLogic\\Joint Operations Typhoon Rising\\Hamachi\\hamachi.exe"=
    "c:\\Program Files\\Ubisoft\\Red Storm Entertainment\\Rainbow Six Lockdown\\Lockdown.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\windows\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
    "c:\\windows\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
    "c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
    "c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
    "c:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
    "c:\\Program Files\\Sierra Entertainment\\FEAR Perseus Mandate\\FEARXP2.exe"=
    "c:\\Program Files\\Sierra\\FEAR\\FEARXP\\FEARXP.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
    "j:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault(tm)\\mohpa.exe"=
    "j:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe"=
    "j:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW-standalone.exe"=
    "c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
    "c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
    "j:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
    "j:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
    "c:\\Program Files\\Ubisoft\\Red Storm Entertainment\\Rainbow Six Lockdown\\LockdownDed.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Magic Notes\\Sticky32.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "j:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
    "j:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
    "j:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:*:Disabled:DHCP Discovery Service
    "2441:UDP"= 2441:UDP:Windows Media Format SDK (iexplore.exe)
    "2440:UDP"= 2440:UDP:Windows Media Format SDK (iexplore.exe)
    "4598:TCP"= 4598:TCP:*:Disabled:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:*:Disabled:Akamai NetSession Interface

    R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [12/6/2005 11:11 AM 35328]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/9/2010 6:10 PM 216400]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/9/2010 6:10 PM 243024]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/16/2010 9:16 AM 308136]
    R2 MMIndexer;Media Manager Indexer;c:\program files\Common Files\Microsoft Shared\Media Manager\AIRSVCU.EXE [7/15/1997 136704]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/21/2009 3:50 PM 135664]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - DMADMIN
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-31 c:\windows\Tasks\dfrg.job
    - c:\windows\system32\dfrg.msc [2004-08-12 13:18]

    2010-08-29 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\system32\cleanmgr.exe [2004-08-12 00:12]

    2010-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-21 19:50]

    2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-21 19:50]
    .
    .
     
  18. tm5rto

    tm5rto TS Enthusiast Topic Starter Posts: 114

    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.excite.com/
    IE: Send Image to Photo Library - file://c:\program files\MGI\MGI PhotoSuite II\Temp\MGI00000.html
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    FF - ProfilePath - c:\documents and settings\Pyotr\Application Data\Mozilla\Firefox\Profiles\sa12336g.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.excite.com/
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - fales
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-EEventManager - c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
    MSConfigStartUp-nwiz - nwiz.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-01 20:36
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1229272821-1757981266-839522115-1003\Software\SecuROM\License information*]
    "datasecu"=hex:ca,72,25,ee,c8,0b,fd,82,24,30,33,2e,be,8b,90,85,12,11,9f,af,eb,
    21,58,ab,2a,ab,26,d6,87,4e,25,dd,f2,34,3c,9b,99,df,59,3d,e2,f8,11,f6,8f,79,\
    "rkeysecu"=hex:b7,7e,58,ac,b9,69,01,b1,e7,61,cf,60,d0,0a,eb,0f

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(960)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    .
    Completion time: 2010-09-01 20:38:20
    ComboFix-quarantined-files.txt 2010-09-02 00:38
    ComboFix2.txt 2010-04-24 21:32

    Pre-Run: 18,428,936,192 bytes free
    Post-Run: 18,532,241,408 bytes free

    - - End Of File - - AEF670044B821BC3DBFF4D1BCD245413
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Pete, I went back and reviewed the cleaning from April. I can't believe I didn't say anything about WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!. This Combofix still shows that. You really need to get this. Is there some reason you didn't allow it the times you ran Combofix?

    What is the little icon to the left of all the 'Yes' when I had you review the Administrative Tools? Do you by chance have another language on the system?

    You need to tighten up your firewall. You have all the games, plus other programs, allowed firewall passage. This is on both C and J drive. I note also that you have the Chkdsk set to autostart on boot and you have Belarc running. You don't need the error checking on every boot and Belarc can check the system when you launch it- no need to keep it running in the background.

    Please run this Custom CFScript


    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad and copy/paste the text in the code below into it:
    Code:
    File::
    c:\windows\system32\drivers\srv.sys
    c:\windows\system32\wininet.dll
    Folder::
    c:\program files\Microsoft
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Viewpoint Manager Service"
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    backup=-
    [HKLM\~\startupfolder\C:^Documents and Settings^Pyotr^Start Menu^Programs^Startup^Introducing Media Manager.lnk]
    backup=-
    [HKLM\~\startupfolder\C:^Documents and Settings^Pyotr^Start Menu^Programs^Startup^Registration Ghost Recon Advanced Warfighter® 2.LNK]
    path=-
    backup=-
    
    RegNull::
    [HKEY_USERS\S-1-5-21-1229272821-1757981266-839522115-1003\Software\SecuROM\License information*]
    
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    
    
    RegLockDel::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=-
    
    Driver::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.
    ====================
    Go on to next reply when through.
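    The firewall review asked for above (the long AuthorizedApplications list spread over the C and J drives, plus the globally open ports) can be triaged straight from the ComboFix log. This is an added example, not code from the thread or from ComboFix: the sample excerpt is constructed in the log's "Reg Loading Points" format from entries like the ones posted here, and the injectable `exists` hook is an assumption so the check can run off the affected machine.

```python
"""
Review helper for the firewall section of a ComboFix log (added example).

Parses the two firewall blocks ComboFix prints under "Reg Loading Points"
(AuthorizedApplications\\List and GloballyOpenPorts\\List), unescapes the
REGEDIT-style paths, expands %windir%, groups the allowed programs by drive
and flags entries whose executable no longer exists on disk.
"""
import os
import re
from collections import defaultdict

AUTH_KEY = "firewallpolicy\\standardprofile\\AuthorizedApplications\\List"
PORTS_KEY = "firewallpolicy\\standardprofile\\GloballyOpenPorts\\List"

# One REGEDIT-style value line, e.g.   "c:\\Program Files\\x.exe"=
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')

# Constructed excerpt in the ComboFix log format (not a real run); the
# entries mirror the kind of lines shown in the thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\windows\\system32\\sessmgr.exe"=
"j:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:*:Disabled:DHCP Discovery Service
"2441:UDP"= 2441:UDP:Windows Media Format SDK (iexplore.exe)
"4598:TCP"= 4598:TCP:*:Disabled:Akamai NetSession Interface

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys
"""


def _sections(log_text):
    """Yield (key, [value lines]) for each [key] block; a blank line ends a block."""
    key, lines = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            if key is not None:
                yield key, lines
            key, lines = line[1:-1], []
        elif not line:
            if key is not None:
                yield key, lines
            key, lines = None, []
        elif key is not None:
            lines.append(line)
    if key is not None:
        yield key, lines


def parse_firewall(log_text, windir="c:\\windows"):
    """Return (allowed_apps, open_ports) from the firewall blocks of the log.

    allowed_apps: normalised executable paths (lower-case, single backslashes,
                  %windir% expanded) in the order they appear, duplicates kept
    open_ports:   dicts {port, proto, disabled, name}
    """
    apps, ports = [], []
    for key, lines in _sections(log_text):
        if key.endswith(AUTH_KEY):
            for line in lines:
                m = VALUE_RE.match(line)
                if m:
                    path = m.group("name").replace("\\\\", "\\")
                    apps.append(path.replace("%windir%", windir).lower())
        elif key.endswith(PORTS_KEY):
            for line in lines:
                m = VALUE_RE.match(line)
                if not m:
                    continue
                # data looks like  67:UDP:*:Disabled:DHCP Discovery Service
                # or               2441:UDP:Windows Media Format SDK (iexplore.exe)
                fields = m.group("data").split(":")
                disabled = "disabled" in (f.lower() for f in fields[2:])
                ports.append({"port": int(fields[0]), "proto": fields[1].upper(),
                              "disabled": disabled, "name": fields[-1]})
    return apps, ports


def review(apps, exists=os.path.exists):
    """Group allowed programs by drive and list ones with no executable on disk.

    `exists` is injectable (assumption for this example) so the logic can be
    checked on a machine where the sample paths do not exist.
    """
    by_drive, missing = defaultdict(list), []
    for path in sorted(set(apps)):          # expansion of %windir% collapses duplicates
        drive = path[:2] if len(path) > 1 and path[1] == ":" else "?"
        by_drive[drive].append(path)
        if not exists(path):
            missing.append(path)
    return dict(by_drive), missing


def active_open_ports(ports):
    """Globally open ports that are not marked Disabled, i.e. the ones still exposed."""
    return [p for p in ports if not p["disabled"]]


if __name__ == "__main__":
    apps, ports = parse_firewall(SAMPLE_LOG)
    by_drive, missing = review(apps)
    for drive, paths in by_drive.items():
        print(f"{drive} {len(paths)} allowed program(s)")
    print("no longer on disk:", missing)
    print("still-open ports:", [(p["port"], p["proto"]) for p in active_open_ports(ports)])
```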
     
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    After running the script:


    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    ===============================
    Remove thumbs.db: C:\Thumbs.db removed in Combofix
    This file is a cache of the thumbnail pictures in a directory. It speeds up the showing of thumbnails when you are viewing a folder in Thumbnail view.

    While this might be a convenience, it takes up disk space. The space may be small, but is cumulative and if you have a lot of thumbs.db files on your hard drive you may be able to save some valuable space by removing them.

    From PCHell Support:
    If you are low on disk space and don't use the Thumbnail view to show your files, this may save you some valuable disk space.
    NOTE: This does not delete images and you can still view in thumbnails by changing the view screen.
     
  21. tm5rto

    tm5rto TS Enthusiast Topic Starter Posts: 114

    Combofix tried to install the recovery console, but I got an error message "C:\Boot.ini is not correctly formated". Can I do something to fix that?

    I'll be running the CF right now, will post the log
     
  22. tm5rto

    tm5rto TS Enthusiast Topic Starter Posts: 114

    ComboFix 10-09-01.04 - Pyotr 09/02/2010 23:53:23.8.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2463 [GMT -4:00]
    Running from: c:\documents and settings\Pyotr\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Pyotr\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    "c:\windows\system32\drivers\srv.sys"
    "c:\windows\system32\wininet.dll"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Microsoft
    c:\program files\Microsoft\Office Live\muauth.cab
    c:\program files\Microsoft\Office Live\npOLW.dll
    c:\program files\Microsoft\Office Live\OfficeLiveSignIn.exe
    c:\program files\Microsoft\Office Live\OLConnector.dll
    c:\program files\Microsoft\Office Live\OLConnectorResources.dll
    c:\program files\Microsoft\Search Enhancement Pack\Choice Guard\CGuard.exe
    c:\program files\Microsoft\Search Enhancement Pack\Choice Guard\ChoiceGuard.dll
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\Microsoft\Search Enhancement Pack\Search Box Extension\SRCHBXEX.DLL
    c:\program files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    c:\program files\Microsoft\Search Enhancement Pack\SeaShadow\SEASHADO.DLL
    C:\Thumbs.db
    c:\windows\system32\drivers\srv.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_SeaPort
    -------\Legacy_SeaPort
    -------\Service_SeaPort
    -------\Service_SeaPort


    ((((((((((((((((((((((((( Files Created from 2010-08-03 to 2010-09-03 )))))))))))))))))))))))))))))))
    .

    2010-08-31 19:20 . 2006-08-24 21:00 9216 ----a-w- c:\windows\system32\escdev.dll
    2010-08-31 19:20 . 2006-10-13 04:00 65793 ----a-w- c:\windows\system32\esfw54.bin
    2010-08-31 19:20 . 2006-10-13 04:00 63488 ----a-w- c:\windows\system32\eswia54.dll
    2010-08-31 19:20 . 2006-05-23 04:00 172032 ----a-w- c:\windows\system32\esint54.dll
    2010-08-31 19:20 . 2006-03-10 04:00 3584 ----a-w- c:\windows\system32\eswiaml.dll
    2010-08-31 19:19 . 2010-08-31 19:19 -------- d-----w- C:\EPSON
    2010-08-30 01:23 . 2010-08-30 01:23 -------- d-----w- C:\Copy of My Music
    2010-08-29 15:27 . 2010-08-29 15:27 -------- d-----w- c:\program files\ESET
    2010-08-27 06:38 . 2010-08-27 06:38 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-08-11 16:11 . 2010-04-28 11:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
    2010-08-11 16:11 . 2010-08-11 16:11 -------- d-----w- c:\program files\Microsoft Sync Framework
    2010-08-11 16:09 . 2010-08-11 16:09 -------- d-----w- c:\program files\Windows Live SkyDrive
    2010-08-05 19:01 . 2010-08-05 19:01 -------- d-----w- c:\program files\i2k Quickage

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-03 04:01 . 2010-05-25 01:09 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-09-03 04:00 . 2007-02-17 06:25 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
    2010-09-03 04:00 . 2007-02-17 06:25 384 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
    2010-09-02 22:22 . 2006-07-28 03:09 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-09-01 19:42 . 2009-04-05 18:52 -------- d-----w- c:\program files\Ashampoo
    2010-09-01 00:44 . 2006-08-12 05:16 -------- d-----w- c:\program files\Activision
    2010-09-01 00:41 . 2006-11-13 20:31 -------- d-----w- c:\program files\Electronic Arts
    2010-09-01 00:25 . 2009-02-08 17:10 -------- d-----w- c:\program files\IObit
    2010-08-31 19:20 . 2008-04-30 22:52 -------- d-----w- c:\program files\epson
    2010-08-31 12:24 . 2009-01-04 19:52 -------- d-----w- c:\program files\VideoLAN
    2010-08-30 15:33 . 2010-08-03 03:37 -------- d-----w- c:\documents and settings\Olga\Application Data\Skype
    2010-08-30 12:03 . 2010-08-03 03:44 -------- d-----w- c:\documents and settings\Olga\Application Data\skypePM
    2010-08-28 15:17 . 2007-11-19 23:38 -------- d-----w- c:\documents and settings\Pyotr\Application Data\GlarySoft
    2010-08-27 06:37 . 2008-04-22 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-08-25 02:38 . 2008-05-02 22:00 -------- d-----w- c:\documents and settings\Pyotr\Application Data\Skype
    2010-08-24 20:27 . 2009-11-16 15:38 -------- d-----w- c:\documents and settings\Pyotr\Application Data\skypePM
    2010-08-19 03:01 . 2010-04-12 13:11 117760 ----a-w- c:\documents and settings\Pyotr\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-08-18 09:02 . 2009-08-05 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-08-12 07:25 . 2008-04-22 20:09 -------- d-----w- c:\documents and settings\Sasha\Application Data\Skype
    2010-08-12 04:02 . 2008-04-22 20:12 -------- d-----w- c:\documents and settings\Sasha\Application Data\skypePM
    2010-08-12 02:23 . 2007-05-06 22:27 141240 ----a-w- c:\documents and settings\Olga\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-08-11 16:11 . 2008-05-17 16:48 -------- d-----w- c:\program files\Windows Live
    2010-08-11 16:03 . 2006-08-08 17:35 141240 ----a-w- c:\documents and settings\Sasha\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-08-05 19:01 . 2010-07-18 12:24 -------- d-----w- c:\documents and settings\Pyotr\Application Data\i2k Quickage
    2010-07-18 12:23 . 2010-07-18 12:15 -------- d-----w- c:\program files\QR Photo DVD Slideshow
    2010-07-18 12:23 . 2009-01-04 19:20 47360 ----a-w- c:\documents and settings\Pyotr\Application Data\pcouffin.sys
    2010-07-18 12:23 . 2009-01-04 19:20 47360 ----a-w- c:\documents and settings\Pyotr\Application Data\pcouffin.sys
    2010-07-18 12:23 . 2009-01-04 19:20 -------- d-----w- c:\documents and settings\Pyotr\Application Data\Vso
    2010-07-18 12:16 . 2006-07-31 16:28 141240 ----a-w- c:\documents and settings\Pyotr\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-07-18 12:15 . 2009-01-04 19:20 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
    2010-07-16 13:16 . 2010-05-09 22:10 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-16 13:16 . 2010-07-16 13:16 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-16 13:16 . 2010-05-09 22:10 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-07-16 11:40 . 2010-07-16 11:38 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-07-16 11:38 . 2010-07-16 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
    2010-07-14 13:37 . 2009-04-04 03:50 -------- d-----w- c:\program files\MSBuild
    2010-07-14 13:36 . 2010-07-14 13:36 -------- d-----w- c:\program files\Microsoft.NET
    2010-07-14 13:20 . 2008-05-17 16:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-07-07 06:05 . 2010-04-14 16:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-06-30 12:31 . 2004-08-12 13:27 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22 . 2004-08-12 13:33 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44 . 2004-08-12 13:33 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-17 14:03 . 2004-08-12 13:19 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2006-07-28 02:56 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:41 . 2004-08-12 13:23 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2006-08-29 16:48 . 2006-08-29 16:51 1438 ----a-w- c:\program files\FAMILY.CRD
    2006-08-23 17:54 . 2006-08-29 16:50 14897 ----a-w- c:\program files\USBP.CRD
    2006-06-27 19:19 . 2006-08-29 16:49 6658 ----a-w- c:\program files\HOME.CRD
    2006-05-07 03:00 . 2006-08-29 16:49 17077 ----a-w- c:\program files\PHONES.CRD
    2005-06-08 00:17 . 2006-07-28 08:03 7052088 ----a-w- c:\program files\Photoshop_albumSE_en_us_300.exe
    2003-09-08 19:13 . 2006-08-29 16:50 1045 ----a-w- c:\program files\B-DAYS.CRD
    2002-01-17 22:38 . 2006-08-29 16:51 1508 ----a-w- c:\program files\CONTACTS.CRD
    1993-11-01 08:11 . 2006-08-29 16:49 93184 ----a-w- c:\program files\CARDFILE.EXE
    2007-07-27 15:32 . 2007-07-27 15:32 8 --sh--r- c:\windows\system32\6617DEA441.sys
    2007-08-05 06:46 . 2007-07-27 15:32 8762 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-09-02_00.36.07 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-09-03 04:02 . 2010-09-03 04:02 16384 c:\windows\Temp\usgthrsvc\Perflib_Perfdata_638.dat
    + 2010-09-03 04:02 . 2010-09-03 04:02 16384 c:\windows\Temp\Perflib_Perfdata_360.dat
    + 2010-09-03 04:02 . 2010-09-03 04:02 16384 c:\windows\Temp\Perflib_Perfdata_2d0.dat
    - 2010-06-05 07:01 . 2010-06-05 07:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    + 2010-06-05 07:01 . 2010-09-02 07:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    + 2010-09-02 22:24 . 2010-09-02 22:24 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    - 2010-06-13 18:46 . 2010-06-13 18:46 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
    + 2010-09-02 22:24 . 2010-09-02 22:24 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    - 2010-06-13 18:46 . 2010-06-13 18:46 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
    - 2004-08-12 13:26 . 2010-09-01 00:06 521626 c:\windows\system32\perfh009.dat
    + 2004-08-12 13:26 . 2010-09-03 04:06 521626 c:\windows\system32\perfh009.dat
    + 2004-08-12 13:26 . 2010-09-03 04:06 104536 c:\windows\system32\perfc009.dat
    - 2004-08-12 13:26 . 2010-09-01 00:06 104536 c:\windows\system32\perfc009.dat
    - 2008-10-14 23:10 . 2010-06-21 15:27 354304 c:\windows\system32\dllcache\srv.sys
    + 2004-08-12 13:30 . 2010-06-21 15:27 354304 c:\windows\system32\dllcache\srv.sys
    + 2010-09-02 22:24 . 2010-09-02 22:24 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    - 2010-06-13 18:46 . 2010-06-13 18:46 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
    - 2010-06-13 18:46 . 2010-06-13 18:46 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    + 2010-09-02 22:25 . 2010-09-02 22:25 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
    - 2010-06-13 18:46 . 2010-06-13 18:46 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    + 2010-09-02 22:25 . 2010-09-02 22:25 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
    + 2010-09-02 22:25 . 2010-09-02 22:25 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    - 2010-06-13 18:46 . 2010-06-13 18:46 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
    + 2010-09-02 22:25 . 2010-09-02 22:25 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    - 2010-06-13 18:46 . 2010-06-13 18:46 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
    + 2010-09-02 22:25 . 2010-09-02 22:25 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2010-06-13 18:46 . 2010-06-13 18:46 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2010-09-02 22:24 . 2010-09-02 22:24 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2010-06-13 18:46 . 2010-06-13 18:46 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2010-06-13 18:46 . 2010-06-13 18:46 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2010-09-02 22:24 . 2010-09-02 22:24 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2010-09-02 22:24 . 2010-09-02 22:24 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2010-06-13 18:46 . 2010-06-13 18:46 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2010-09-02 22:24 . 2010-09-02 22:24 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2010-06-13 18:45 . 2010-06-13 18:45 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2010-06-13 18:45 . 2010-06-13 18:45 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2010-09-02 22:24 . 2010-09-02 22:24 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2010-06-13 18:45 . 2010-06-13 18:45 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2010-09-02 22:24 . 2010-09-02 22:24 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2010-09-02 22:24 . 2010-09-02 22:24 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2010-06-13 18:45 . 2010-06-13 18:45 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2010-06-13 18:46 . 2010-06-13 18:46 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2010-09-02 22:24 . 2010-09-02 22:24 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
    + 2010-09-02 22:24 . 2010-09-02 22:24 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2010-06-13 18:45 . 2010-06-13 18:45 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2010-09-02 22:24 . 2010-09-02 22:24 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    - 2010-06-13 18:45 . 2010-06-13 18:45 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
    + 2010-09-02 07:00 . 2010-09-02 07:00 20303872 c:\windows\Installer\6a6d209.msp
     
  23. tm5rto

    tm5rto TS Enthusiast Topic Starter Posts: 114

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-07-16 13:16 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /p \??\C\0autocheck autochk *

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Pyotr^Start Menu^Programs^Startup^Introducing Media Manager.lnk]
    backup=c:\windows\pss\Introducing Media Manager.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Pyotr^Start Menu^Programs^Startup^Registration Ghost Recon Advanced Warfighter® 2.LNK]
    path=c:\documents and settings\Pyotr\Start Menu\Programs\Startup\Registration Ghost Recon Advanced Warfighter® 2.LNK
    backup=c:\windows\pss\Registration Ghost Recon Advanced Warfighter® 2.LNKStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2006-10-17 01:40 1197648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2004-08-23 22:19 57344 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2004-06-29 15:23 135168 ----a-w- c:\program files\Intel\Intel Application Accelerator\IAAnotif.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2008-03-30 16:36 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    2006-10-11 18:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2008-03-29 05:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
    2003-01-09 13:21 253952 ----a-w- c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
    2003-01-13 14:19 757760 ----a-w- c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
    2003-01-13 18:05 69632 ----a-w- c:\program files\Common Files\Roxio Shared\System\EngUtil.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    2006-09-28 19:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
    2004-01-07 05:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 08:00 90112 ------w- c:\windows\Updreg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
    2007-02-20 08:07 199752 ----a-w- c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Viewpoint Manager Service"=2 (0x2)
    "SQLAgent$PINNACLESYS"=3 (0x3)
    "ProtexisLicensing"=2 (0x2)
    "PnkBstrB"=3 (0x3)
    "PnkBstrA"=2 (0x2)
    "PinnacleSys.MediaServer"=2 (0x2)
    "MSSQLServerADHelper"=3 (0x3)
    "MSSQL$PINNACLESYS"=2 (0x2)
    "MDM"=2 (0x2)
    "iPodService"=3 (0x3)
    "IDriverT"=3 (0x3)
    "IAANTMon"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
    "c:\\Program Files\\NovaLogic\\Joint Operations Typhoon Rising\\Hamachi\\hamachi.exe"=
    "c:\\Program Files\\Ubisoft\\Red Storm Entertainment\\Rainbow Six Lockdown\\Lockdown.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\windows\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
    "c:\\windows\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
    "c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
    "c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
    "c:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
    "c:\\Program Files\\Sierra Entertainment\\FEAR Perseus Mandate\\FEARXP2.exe"=
    "c:\\Program Files\\Sierra\\FEAR\\FEARXP\\FEARXP.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
    "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
    "j:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault(tm)\\mohpa.exe"=
    "j:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe"=
    "j:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW-standalone.exe"=
    "c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
    "c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
    "j:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
    "j:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
    "c:\\Program Files\\Ubisoft\\Red Storm Entertainment\\Rainbow Six Lockdown\\LockdownDed.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Magic Notes\\Sticky32.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "j:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
    "j:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
    "j:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "j:\\Program Files\\NovaLogic\\Delta Force Xtreme 2\\dfx2.exe"=
    "j:\\Program Files\\NovaLogic\\Delta Force Xtreme 2\\UPDATE.EXE"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:*:Disabled:DHCP Discovery Service
    "2441:UDP"= 2441:UDP:Windows Media Format SDK (iexplore.exe)
    "2440:UDP"= 2440:UDP:Windows Media Format SDK (iexplore.exe)
    "4598:TCP"= 4598:TCP:*:Disabled:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:*:Disabled:Akamai NetSession Interface

    R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [12/6/2005 11:11 AM 35328]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/9/2010 6:10 PM 216400]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/9/2010 6:10 PM 243024]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/16/2010 9:16 AM 308136]
    R2 MMIndexer;Media Manager Indexer;c:\program files\Common Files\Microsoft Shared\Media Manager\AIRSVCU.EXE [7/15/1997 136704]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/21/2009 3:50 PM 135664]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-31 c:\windows\Tasks\dfrg.job
    - c:\windows\system32\dfrg.msc [2004-08-12 13:18]

    2010-08-29 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\system32\cleanmgr.exe [2004-08-12 00:12]

    2010-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-21 19:50]

    2010-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-21 19:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.excite.com/
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    FF - ProfilePath - c:\documents and settings\Pyotr\Application Data\Mozilla\Firefox\Profiles\sa12336g.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.excite.com/
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - fales
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-03 01:28
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(936)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(3932)
    c:\windows\system32\WININET.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\hnetcfg.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\UnToAnsi.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\System32\snmp.exe
    c:\windows\system32\SearchIndexer.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\windows\system32\SearchProtocolHost.exe
    c:\windows\system32\SearchFilterHost.exe
    .
    **************************************************************************
    .
    Completion time: 2010-09-03 01:31:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-09-03 05:31
    ComboFix2.txt 2010-09-02 00:38
    ComboFix3.txt 2010-04-24 21:32

    Pre-Run: 18,300,141,568 bytes free
    Post-Run: 18,323,468,288 bytes free

    - - End Of File - - 46C1F27F7631E18B2399AFA05A8BB4C3
     
  24. tm5rto

    tm5rto TS Enthusiast Topic Starter Posts: 114

    I just deleted the thumbs files. Even that was a chore. It wouldn't let me just highlight all of the files and delete them; it kept giving me an error msg. Had to delete them one by one.

    Seems like a click of the mouse all of a sudden registers as two clicks, which would account for not being able to place a cursor within a text, without highlighting it, and other assorted ills.
     
  25. tm5rto

    tm5rto TS Enthusiast Topic Starter Posts: 114

    The characters you asked about, those were check marks from Word bullets.
     
Topic Status:
Not open for further replies.
