Inactive PC is working slowly, not cleaned in a long time

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Owner at 9:54:19 on 2011-06-13
Microsoft Windows XP Professional 5.1.2600.3.1252.48.1033.18.3033.2267 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k UPHClean
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSMonitor.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.bearshare.com/
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: IplexToALLPlayer: {df925ef3-7a87-44e4-9caf-8d7b280bf616} - c:\progra~1\allpla~1\iplex\IPLEXT~1.DLL
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: IEPluginBHO: {f5cc7f02-6f4e-4462-b5b1-394a57fd3e0d} - IEPluginBHO Class
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [ALLUpdate] "c:\program files\allplayer\ALLUpdate.exe" "sleep"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [AVGIDS] "c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSUI.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bitmet~1.lnk - c:\program files\codebox\bitmeter\BitMeter2.exe
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: MaxRecentDocs = 18 (0x12)
mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\hgyo0tmo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680812&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ig#
FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\hgyo0tmo.default\extensions\{58beca16-cae6-4b7a-a0e8-153d0cbba63a}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\hgyo0tmo.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\all users\application data\gadu-gadu 10\_userdata\npgg.4.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\opera\program\plugins\NPDocBox.dll
FF - plugin: c:\program files\opera\program\plugins\nppdf32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [2009-2-26 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-7-26 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-26 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-26 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-26 108552]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-6-5 218688]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2010-7-27 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2010-7-27 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2010-7-27 1370488]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSAgent.exe [2009-2-26 5576712]
R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSWatcher.exe [2009-2-26 563720]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-26 29208]
R3 AVGIDSDriver;AVGIDSDriver;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-2-26 121352]
R3 AVGIDSFilter;AVGIDSFilter;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-2-26 30216]
R3 AVGIDSShim;AVGIDSShim;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSShim.sys [2009-2-26 27232]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2010-5-12 110080]
R3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\drivers\vmc302.sys [2010-8-16 242048]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [2010-1-23 9472]
S2 gupdate;Usluga Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-12 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-7-25 1691480]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-9-17 16512]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg8\toolbar\ToolbarBroker.exe [2010-10-26 947528]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-26 29208]
S3 gupdatem;Usluga Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-12 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-12 39984]
.
=============== Created Last 30 ================
.
2011-06-12 21:30:05 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2011-06-12 21:29:55 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-12 21:29:53 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-12 21:29:50 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-12 21:29:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-11 19:01:48 810496 ----a-w- c:\windows\system32\xvidcore.dll
2011-06-11 19:01:48 797184 ----a-w- c:\windows\system32\ac3filter.ax
2011-06-11 19:01:48 258048 ----a-w- c:\windows\system32\libFLAC.dll
2011-06-11 19:01:42 -------- d-----w- c:\program files\ALLPlayer
2011-06-06 17:48:17 -------- d--h--w- c:\windows\PIF
2011-06-05 12:04:52 -------- d-----w- c:\program files\OpenAL
2011-06-05 12:04:41 -------- d-----w- c:\windows\Puzzle Quest
2011-06-05 12:04:40 -------- d-----w- c:\program files\Puzzle Quest
2011-06-05 11:58:41 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-06-05 11:57:42 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-06-05 11:57:21 -------- d-----w- c:\documents and settings\owner\application data\DAEMON Tools Lite
2011-06-05 11:57:21 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Lite
2011-06-04 20:17:47 -------- d-----w- c:\program files\Terminal Reality
2011-06-04 17:46:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-03 12:59:01 -------- d-----w- c:\program files\PeerGuardian2
2011-05-30 10:05:04 -------- d-----w- c:\documents and settings\all users\application data\AlawarWrapper
2011-05-30 10:04:32 -------- d-----w- c:\program files\Gry.Pl
2011-05-26 09:36:06 -------- d-----w- c:\program files\SubEdit-Player
2011-05-16 18:21:38 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-05-16 18:21:38 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-05-16 18:21:38 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-05-16 18:21:38 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-05-16 18:21:38 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-05-16 18:21:37 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-05-16 18:21:37 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-05-16 18:21:37 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-05-16 14:56:23 25600 ----a-w- c:\windows\system32\drivers\hidbth.sys
2011-05-16 14:55:37 37888 ----a-w- c:\windows\system32\drivers\bthmodem.sys
.
==================== Find3M ====================
.
.
============= FINISH: 9:55:16,92 ===============

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6842

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2011-06-13 10:14:21
mbam-log-2011-06-13 (10-14-21).txt

Scan type: Quick scan
Objects scanned: 146048
Time elapsed: 7 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Welcome to TechSpot! Please note that this forum is not a 'laundry service.' There are many reasons for a slow computer.

Your antivirus program AVG v8 is out of date.
You have no antimalware (spyware) programs running except what is bundled in AVG and out of date.
You can expect problems due to your file sharing.


There is another log from DDS. It is named Attach.txt. If you think you have malware, please include that log in your next reply (do not zip it) so I can see what other vulnerabilities you may have in addition to BearShare.
Complete the additional steps in the Preliminary Virus and Malware Removal thread HERE
NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Also describe problems other than 'slow', if any.
===========================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Reminder to be patient
If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
 
Thx for the fast response, I have updated the antivirus. What antimalware can you suggest? Thanx a lot
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2010-05-12 22:12:45
System Uptime: 2011-06-13 09:42:55 (0 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | R510/P510
Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | U2E1 | 1995/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 29 GiB total, 1,222 GiB free.
D: is FIXED (NTFS) - 120 GiB total, 50,09 GiB free.
E: is CDROM ()
F: is CDROM (CDFS)
G: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Atheros AR5007EG Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_7131144F&REV_01\4&1A9C2D41&0&00E0
Manufacturer: Atheros
Name: Atheros AR5007EG Wireless Network Adapter
PNP Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_7131144F&REV_01\4&1A9C2D41&0&00E0
Service: AR5416
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4363&SUBSYS_C042144D&REV_13\4&3905AE0C&0&00E3
Manufacturer: Marvell
Name: Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4363&SUBSYS_C042144D&REV_13\4&3905AE0C&0&00E3
Service: yukonwxp
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_C042144D&REV_03\3&11583659&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_C042144D&REV_03\3&11583659&0&FB
Service:
.
==== System Restore Points ===================
.
RP1: 2010-05-12 22:14:39 - System Checkpoint
RP2: 2010-05-12 16:16:33 - Installed Microsoft .NET Framework 2.0 Service Pack 2
RP3: 2010-05-12 16:18:16 - Installed Windows KB971276-v3.
RP4: 2010-05-12 16:18:25 - Installed RGB9RAST
RP5: 2010-05-12 16:18:29 - Installed Microsoft .NET Framework 3.0 Service Pack 2
RP6: 2010-05-12 16:19:52 - Installed Microsoft .NET Framework 3.5 Service Pack 1
RP7: 2010-05-12 16:20:52 - Installed Java(TM) 6 Update 18
RP8: 2010-05-12 16:21:17 - Installed User Profile Helper Cleanup Service
RP9: 2010-05-12 16:21:27 - Installed Alt-Tab Task Switcher Powertoy for Windows XP
.
==== Installed Programs ======================
.
µTorrent
Adobe Acrobat 5.0
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.5
ALLPlayer V4.X
Archiwizator WinRAR
AVG 8.5
AVG Identity Protection
BearShare
BitMeter
DAEMON Tools Lite
EuroPlus+ Angielski z Cambridge
Foxit Reader
Gadu-Gadu 10
Google Chrome
Google Earth Plug-in
Google Update Helper
Grand Theft Auto Vice City
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Icy Tower v1.4
Intel(R) Graphics Media Accelerator Driver
ISO Commander 1.6 (remove only)
Java Auto Updater
Java(TM) 6 Update 24
Malwarebytes' Anti-Malware wersja 1.51.0.1200
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 1.1 Service Pack 1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 Service Pack 1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mobile Partner
Mozilla Firefox 4.0.1 (x86 en-GB)
MSXML 4.0 SP3 Parser (KB973685)
NapiProjekt 1.0.6.9
Nokia Connectivity Cable Driver
NVIDIA Drivers
NVIDIA PhysX v8.10.29
Odkurzacz 12.2
Open Command Prompt Shell Extension (x86-32)
OpenAL
OpenOffice.org 3.2
Paint.NET v3.5.5
PeerGuardian 2.0
Puzzle Quest
QuickTime Alternative 3.1.0
Realtek High Definition Audio Driver
RegistryFix v7.0
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2483614)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype™ 5.0
System Requirements Lab CYRI
Total Uninstall 5.8.0
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
User Profile Helper Cleanup Service
Vimicro UVC Camera
VLC media player 1.1.4
WebFldrs XP
Winamp
Winamp Detector Plug-in
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Media Player Firefox Plugin
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
YDP Flash Speech Recognition Support 1.0
.
==== Event Viewer Messages From Past Week ========
.
2011-06-07 17:41:51, error: SR [1] - The System Restore filter encountered the unexpected error '0xC0000035' while processing the file 'ntuser.ini' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
2011-06-06 05:58:49, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The system cannot find the file specified.
2011-06-06 05:58:10, error: SR [1] - The System Restore filter encountered the unexpected error '0xC0000035' while processing the file 'LastGood' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
.
==== End Of File ===========================
 
Please explain to me:
1. What is slow? Loading? Surfing? Shutdown?
2. What type of 'cleaning' are you referring to? Regular maintenance? Malware? Or both?
3. How much RAM do you have installed? (Control Panel> System> Properties)
=====================================
I recommend uninstalling all of the following:
The first 2 are file sharing programs
µTorrent
BearShare

The following are unnecessary processes for functions that can be done with what is already on the OS:
BitMeter
Odkurzacz 12.2
RegistryFix v7.0
Total Uninstall 5.8.0
User Profile Helper Cleanup Service
c:\program files\allplayer\ALLUpdate.exe <<<<<< Malware

=================================================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on the ESET Smart Installer link to download it. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
=====================================
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message:
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
=========================================
Please leave the Combofix and Eset scan logs in your next reply.
 
1. startup and browsing, 2. mostly just antivirus scanning, 3. 2.96 RAM
ESET:
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\1\4cb45281-5a02d592 multiple threats
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\22\6e433856-570fc694 probably a variant of Win32/Agent.RPSVWU trojan
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\24\42f2dad8-4441b72b probably a variant of Win32/Agent.RPSVWU trojan
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\28\20d825dc-70987555 multiple threats
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\3\64414e83-241c4b5a a variant of Java/Agent.BR trojan
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\32\31cee7a0-7eb1de93 probably a variant of Java/Agent.BR trojan
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\49\665ffb1-59a38539 probably a variant of Java/Agent.BR trojan
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\62\fea4bbe-7b56b0f6 a variant of Java/Agent.BR trojan
C:\Program Files\EuroPlus+ Angielski z Cambridge\data\fscommand\flchk.exe probably a variant of Win32/Agent.FKLKKJW trojan
P.S. I can't run Combofix because of AVG, any suggestions?
 
Sorry, I should have left this for you. AVG has left no way for us to disable it to run Combofix, so it has to be temporarily uninstalled first:
Download AppRemover and save to the desktop
  1. Double click the setup on the desktop> click Next
  2. Select “Remove Security Application”
  3. Let scan finish to determine security apps
  4. A screen like below will appear:
    image_preview
  5. Click on Next after choice has been made
  6. Check the AVG program you want to uninstall
  7. After uninstall shows complete, follow online prompts to Exit the program.
There is no log to leave for the App Remover.

Temporary AV: Use one:
Avira-AntiVir-Personal-Free-Antivirus
Avast Free Version
=============================
Reboot the computer after removing AVG and installing one of the Temp AV programs. Combofix should run okay now.
=============================
Most of the malware is in the Java cache, so we will empty it: (No log for this)
To clear the Java Plug-in cache:

  1. Click Start > Control Panel.
  2. Double-click the Java icon in the control panel. The Java Control Panel appears.
  3. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
  4. Click Delete Files. The Delete Temporary Files dialog box appears.
  5. Click OK on Delete Temporary Files window.
     Note: This deletes all the Downloaded Applications and Applets from the cache.
  6. Click Apply> OK on Temporary Files Settings window.
Images courtesy java.com
=======================================
Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files  
    C:\Program Files\EuroPlus+ Angielski z Cambridge\data\fscommand\flchk.exe
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
===================================
Please leave the OTM log and the ComboFix log in your next reply.
 
ComboFix 11-06-15.04 - Owner 2011-06-16 14:12:06.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.48.1033.18.3033.2222 [GMT 1:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\WINDOWS
c:\windows\ST6UNST.000
c:\windows\system32\system
.
.
((((((((((((((((((((((((( Files Created from 2011-05-16 to 2011-06-16 )))))))))))))))))))))))))))))))
.
.
2011-06-16 13:18 . 2011-06-16 13:18 -------- d-----w- c:\windows\system32\xircom
2011-06-16 13:18 . 2011-06-16 13:18 -------- d-----w- c:\windows\system32\wbem\snmp
2011-06-16 13:18 . 2011-06-16 13:18 -------- d-----w- c:\windows\system32\oobe
2011-06-16 13:18 . 2011-06-16 13:18 -------- d-----w- c:\program files\microsoft frontpage
2011-06-16 13:03 . 2011-06-16 13:04 -------- d-----w- c:\windows\LastGood.Tmp
2011-06-16 12:59 . 2011-06-16 12:59 -------- d-----w- C:\_OTM
2011-06-16 12:55 . 2011-04-01 16:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-16 12:55 . 2011-04-01 16:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-16 12:55 . 2010-06-17 14:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-06-16 12:55 . 2010-06-17 14:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-06-16 12:55 . 2011-06-16 12:55 -------- d-----w- c:\program files\Avira
2011-06-16 12:55 . 2011-06-16 12:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-06-14 12:35 . 2011-06-14 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-06-14 12:35 . 2011-06-14 12:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-14 09:10 . 2011-06-14 09:10 -------- d-----w- c:\documents and settings\Owner\Application Data\Divo Games
2011-06-12 21:30 . 2011-06-12 21:30 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-06-12 21:29 . 2011-05-29 08:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-12 21:29 . 2011-06-12 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-12 21:29 . 2011-06-12 21:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-12 21:29 . 2011-05-29 08:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-11 19:01 . 2009-09-27 22:02 797184 ----a-w- c:\windows\system32\ac3filter.ax
2011-06-06 17:48 . 2011-06-06 17:48 -------- d--h--w- c:\windows\PIF
2011-06-05 12:04 . 2011-06-05 12:04 -------- d-----w- c:\program files\OpenAL
2011-06-05 12:04 . 2011-06-05 12:04 -------- d-----w- c:\windows\Puzzle Quest
2011-06-05 11:58 . 2011-06-05 12:03 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-06-05 11:57 . 2011-06-05 11:58 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-06-05 11:57 . 2011-06-05 12:04 -------- d-----w- c:\documents and settings\Owner\Application Data\DAEMON Tools Lite
2011-06-05 11:57 . 2011-06-05 11:57 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2011-06-04 17:46 . 2011-06-11 15:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-03 12:59 . 2011-06-14 17:17 -------- d-----w- c:\program files\PeerGuardian2
2011-05-30 10:05 . 2011-05-30 10:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2011-05-30 10:04 . 2011-05-30 10:07 -------- d-----w- c:\program files\Gry.Pl
2011-05-26 09:36 . 2011-05-26 09:39 -------- d-----w- c:\program files\SubEdit-Player
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-16 18:21 . 2011-05-16 18:21 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-01-23 . BA8C046D98345129723E6BCAA1E8AB99 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
.
c:\windows\System32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-22 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-22 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-22 150040]
"RTHDCPL"="RTHDCPL.EXE" [2010-07-06 19556968]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2010-01-23 128512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bitmeter2.lnk - c:\program files\Codebox\BitMeter\BitMeter2.exe [2010-6-13 1462272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 18 (0x12)
"NoSMConfigurePrograms"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-06-05 218688]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-06-16 136360]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2010-05-12 110080]
R3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\drivers\vmc302.sys [2010-08-16 242048]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [2010-01-23 9472]
S2 gupdate;Usluga Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-07-25 1691480]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-09-17 16512]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe [?]
S3 gupdatem;Usluga Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 133104]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 21:01]
.
2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 21:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/
TCP: DhcpNameServer = 89.101.160.4 89.101.160.5
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\hgyo0tmo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680812&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ig#
FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Notify-avgrsstarter - (no file)
Notify-RailNotification - (no file)
AddRemove-Gadu-Gadu 10 - c:\program files\Gadu-Gadu 10\Uninstall.exe
AddRemove-Marine Puzzle_is1 - c:\program files\GameTop.com\Marine Puzzle\unins000.exe
AddRemove-Mobile Partner - c:\program files\Mobile Partner\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-16 14:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1935655697-706699826-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**4*$%\OpenWithList]
@Class="Shell"
"a"="uTorrent.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1935655697-706699826-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**4*$%\OpenWithProgids]
"4+_auto_file"=hex(0):
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2668)
c:\windows\system32\WININET.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
.
**************************************************************************
.
Completion time: 2011-06-16 14:22:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-16 13:22
.
Pre-Run: 14*045*884*416 bytes free
Post-Run: 13*960*540*160 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 6655CF49F48FEF835DD4566905C150F8

All processes killed
========== FILES ==========
C:\Program Files\EuroPlus+ Angielski z Cambridge\data\fscommand\flchk.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Custom Settings

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 119132947 bytes
->Temporary Internet Files folder emptied: 6513860 bytes
->Java cache emptied: 7434817 bytes
->FireFox cache emptied: 282085402 bytes
->Google Chrome cache emptied: 142594659 bytes
->Opera cache emptied: 450382 bytes
->Flash cache emptied: 290657 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 44256249 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4710660547 bytes

Total Files Cleaned = 5*067,00 mb


OTM by OldTimer - Version 3.1.18.0 log created on 06162011_135927
thanks
 
I strongly recommend that you 'clean' the system on a regular basis: From OTM:
Total Files Cleaned = 5*067,00 mb.
RecycleBin emptied: 4710660547 bytes

This is such an extraordinary number, it is very obvious that even excluding any malware, you aren't doing any maintenance on the system.

This was the main reason you were slow. How can you expect anything less while carrying around all those files?!
=========================================================
I strongly recommend that you do this if you have not done so already:
=====================================
I recommend uninstalling all of the following:
The first 2 are file sharing programs
µTorrent
BearShare
The following are unnecessary processes for functions that can be done with what is already on the OS:
BitMeter
Odkurzacz 12.2
RegistryFix v7.0
Total Uninstall 5.8.0
User Profile Helper Cleanup Service
c:\program files\allplayer\ALLUpdate.exe <<<<<< Malware
========================================
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
KillAll::
File::
c:\windows\system32\drivers\dumpdrv.sys
Extra::
File::
Firefox::
Firefox-: - Profile - c:\documents and settings\owner\application data\mozilla\firefox\profiles\hgyo0tmo.default\
Firefox-: - prefs.js-Search.DefaultURL
DDS::
uStart Page = hxxp://search.bearshare.com/
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=-
Driver::
DumpDrv
FCopy::
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
=========================================
Adobe Reader v5: Uninstall in Add/Remove Programs as you have the FoxIt PDF Reader.
Update Java: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system. (v6u24)
=========================================
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :filefind
    wscntfy.*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
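A small check of the firewall block from the ComboFix log above, as an added example (not code from the thread, from ComboFix or from OldTimer's tools): it parses the Reg Loading Points lines, flags the firewall profile that is switched off and the uTorrent entry in the exception list, and emits the same `"name"=-` Registry:: lines the CFScript uses to drop that exception. The function names are constructed here, and the sample log is built from the entries shown in the thread.

```python
"""Check the Windows Firewall policy block of a ComboFix log.

Added example, not part of the forum thread or of ComboFix itself. It reads the
'Reg Loading Points' lines ComboFix prints for the standard firewall profile
(EnableFirewall and the AuthorizedApplications list) and reports what a helper
would act on: a disabled firewall and file-sharing clients left in the
exception list. It then builds the Registry:: lines that remove those
exceptions, using the REGEDIT4 convention ("name"=- deletes a value) that the
CFScript in the thread relies on.
"""
import re

# Constructed sample: the firewall block as ComboFix printed it for this machine.
# A raw string keeps the doubled backslashes exactly as they appear in the log.
SAMPLE_LOG = r"""[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
FIREWALL_KEY = r"firewallpolicy\standardprofile"
AUTH_LIST_KEY = r"AuthorizedApplications\List"
# Executables of the file-sharing clients the helper asked the poster to remove.
P2P_BINARIES = {"utorrent.exe", "bearshare.exe"}


def parse_reg_points(text):
    """Return {key_path: {value_name: data}} for a REGEDIT4-style block."""
    keys = {}
    current = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = m.group("data").strip()
    return keys


def _basename(app):
    """Lower-case file name of a firewall exception entry (log doubles backslashes)."""
    return app.replace("\\\\", "\\").rsplit("\\", 1)[-1].lower()


def check_firewall(text):
    """Return a list of findings about the standard firewall profile."""
    findings = []
    for key, values in parse_reg_points(text).items():
        if key.lower().endswith(FIREWALL_KEY.lower()):
            data = values.get("EnableFirewall", "")
            if data.split()[:1] == ["0"]:
                findings.append(f"firewall disabled: EnableFirewall= {data}")
        elif key.lower().endswith(AUTH_LIST_KEY.lower()):
            for app in values:
                if _basename(app) in P2P_BINARIES:
                    findings.append(f"P2P client in firewall exceptions: {app}")
    return findings


def build_registry_fix(text):
    """Build the Registry:: section of a CFScript that drops P2P exceptions.

    Returns the script lines; an empty list means there is nothing to remove.
    The disabled-firewall finding is reported only, as in the helper's script.
    """
    lines = []
    for key, values in parse_reg_points(text).items():
        if not key.lower().endswith(AUTH_LIST_KEY.lower()):
            continue
        to_drop = [app for app in values if _basename(app) in P2P_BINARIES]
        if to_drop:
            lines.append("Registry::")
            lines.append(f"[{key}]")
            lines.extend(f'"{app}"=-' for app in to_drop)
    return lines


if __name__ == "__main__":
    for finding in check_firewall(SAMPLE_LOG):
        print("finding:", finding)
    print("\n".join(build_registry_fix(SAMPLE_LOG)))
```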
 
ComboFix 11-06-17.04 - Owner 2011-06-17 22:03:23.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.48.1033.18.3033.2450 [GMT 1:00]
Running from: d:\desktop\ComboFix.exe
Command switches used :: d:\desktop\CFScript.txt
.
FILE ::
"c:\windows\system32\drivers\dumpdrv.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\dumpdrv.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DumpDrv
.
.
((((((((((((((((((((((((( Files Created from 2011-05-17 to 2011-06-17 )))))))))))))))))))))))))))))))
.
.
2011-06-17 16:05 . 2011-06-17 16:05 -------- d-----w- c:\program files\Common Files\Java
2011-06-16 18:14 . 2011-06-16 18:14 -------- d-----w- c:\program files\MSECache
2011-06-16 13:25 . 2011-06-16 13:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira
2011-06-16 13:18 . 2011-06-16 13:18 -------- d-----w- c:\windows\system32\xircom
2011-06-16 13:18 . 2011-06-16 13:18 -------- d-----w- c:\windows\system32\wbem\snmp
2011-06-16 13:18 . 2011-06-16 13:18 -------- d-----w- c:\windows\system32\oobe
2011-06-16 13:18 . 2011-06-16 13:18 -------- d-----w- c:\program files\microsoft frontpage
2011-06-16 12:59 . 2011-06-16 12:59 -------- d-----w- C:\_OTM
2011-06-16 12:55 . 2011-04-01 16:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-16 12:55 . 2011-04-01 16:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-16 12:55 . 2010-06-17 14:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-06-16 12:55 . 2010-06-17 14:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-06-16 12:55 . 2011-06-16 12:55 -------- d-----w- c:\program files\Avira
2011-06-16 12:55 . 2011-06-16 12:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-06-14 12:35 . 2011-06-14 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-06-14 12:35 . 2011-06-14 12:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-14 09:10 . 2011-06-14 09:10 -------- d-----w- c:\documents and settings\Owner\Application Data\Divo Games
2011-06-12 21:30 . 2011-06-12 21:30 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-06-12 21:29 . 2011-05-29 08:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-12 21:29 . 2011-06-12 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-12 21:29 . 2011-06-12 21:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-12 21:29 . 2011-05-29 08:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-11 19:01 . 2009-09-27 22:02 797184 ----a-w- c:\windows\system32\ac3filter.ax
2011-06-06 17:48 . 2011-06-06 17:48 -------- d--h--w- c:\windows\PIF
2011-06-05 12:04 . 2011-06-05 12:04 -------- d-----w- c:\program files\OpenAL
2011-06-05 12:04 . 2011-06-05 12:04 -------- d-----w- c:\windows\Puzzle Quest
2011-06-05 11:58 . 2011-06-05 12:03 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-06-05 11:57 . 2011-06-05 11:58 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-06-05 11:57 . 2011-06-05 12:04 -------- d-----w- c:\documents and settings\Owner\Application Data\DAEMON Tools Lite
2011-06-05 11:57 . 2011-06-05 11:57 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2011-06-04 17:46 . 2011-06-11 15:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-03 12:59 . 2011-06-14 17:17 -------- d-----w- c:\program files\PeerGuardian2
2011-05-30 10:05 . 2011-05-30 10:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
2011-05-30 10:04 . 2011-05-30 10:07 -------- d-----w- c:\program files\Gry.Pl
2011-05-26 09:36 . 2011-05-26 09:39 -------- d-----w- c:\program files\SubEdit-Player
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-04 03:52 . 2010-05-12 16:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 01:25 . 2010-05-12 16:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-16 18:21 . 2011-05-16 18:21 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-01-23 . BA8C046D98345129723E6BCAA1E8AB99 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
.
.
c:\windows\System32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2011-06-16_13.18.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-26 12:40 . 2006-10-26 12:40 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 95744 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
+ 2011-06-17 21:11 . 2011-06-17 21:11 16384 c:\windows\temp\Perflib_Perfdata_70c.dat
+ 2008-04-14 11:00 . 2011-06-16 13:23 77570 c:\windows\system32\perfc009.dat
- 2008-04-14 11:00 . 2011-06-16 13:07 77570 c:\windows\system32\perfc009.dat
+ 2011-06-16 18:14 . 2011-06-16 18:14 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
+ 2006-10-26 12:40 . 2006-10-26 12:40 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
- 2008-04-14 11:00 . 2011-06-16 13:07 461830 c:\windows\system32\perfh009.dat
+ 2008-04-14 11:00 . 2011-06-16 13:23 461830 c:\windows\system32\perfh009.dat
- 2011-04-11 13:56 . 2011-02-02 20:40 157472 c:\windows\system32\javaws.exe
+ 2011-06-17 16:04 . 2011-05-04 03:52 157472 c:\windows\system32\javaws.exe
+ 2011-06-17 16:04 . 2011-05-04 03:52 145184 c:\windows\system32\javaw.exe
- 2011-04-11 13:56 . 2011-02-02 20:40 145184 c:\windows\system32\javaw.exe
+ 2011-06-17 16:04 . 2011-05-04 03:52 145184 c:\windows\system32\java.exe
- 2011-04-11 13:56 . 2011-02-02 20:40 145184 c:\windows\system32\java.exe
+ 2010-05-12 15:44 . 2011-06-17 05:31 203328 c:\windows\system32\FNTCACHE.DAT
+ 2011-06-17 16:05 . 2011-06-17 16:05 203776 c:\windows\Installer\c96a1.msi
+ 2011-06-16 18:14 . 2011-06-16 18:14 360448 c:\windows\Installer\10f8cae.msi
+ 2006-10-26 12:40 . 2006-10-26 12:40 1079808 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
+ 2006-10-26 12:40 . 2006-10-26 12:40 1093632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-22 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-22 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-22 150040]
"RTHDCPL"="RTHDCPL.EXE" [2010-07-06 19556968]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2010-01-23 128512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bitmeter2.lnk - c:\program files\Codebox\BitMeter\BitMeter2.exe [2010-6-13 1462272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 18 (0x12)
"NoSMConfigurePrograms"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RailNotification]
[BU]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-06-05 218688]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-06-16 136360]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2010-05-12 110080]
R3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\drivers\vmc302.sys [2010-08-16 242048]
S2 gupdate;Usluga Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 133104]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-07-25 1691480]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-09-17 16512]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe [?]
S3 gupdatem;Usluga Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 133104]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 21:01]
.
2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 21:01]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 89.101.160.4 89.101.160.5
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\hgyo0tmo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680812&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ig#
FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-17 22:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1935655697-706699826-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**4*$%\OpenWithList]
@Class="Shell"
"a"="uTorrent.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-1935655697-706699826-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**4*$%\OpenWithProgids]
"4+_auto_file"=hex(0):
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1180)
c:\windows\system32\WININET.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
c:\program files\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Completion time: 2011-06-17 22:15:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-17 21:15
ComboFix2.txt 2011-06-16 13:22
.
Pre-Run: 13*417*435*136 bytes free
Post-Run: 13*409*484*800 bytes free
.
- - End Of File - - 21B35C60E35911D3049A9B262AFC8D8F

SystemLook 04.09.10 by jpshortstuff
Log created at 22:17 on 17/06/2011 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "wscntfy.*"
No files found.

-= EOF =-
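Added example, not part of the thread or of the DDS/ComboFix tools: a small Python parser for the "FF - prefs.js" lines in the DDS output above. DDS defangs URLs as hxxp, so the parser restores the scheme before extracting hostnames, then lists which search-related prefs point at a host other than the engine the user selected. The sample input is constructed from the lines quoted above, and the engine-name-to-host mapping (Google -> "google.") is an assumption made only for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample: the Firefox section as DDS prints it (URLs defanged as hxxp).
SAMPLE_DDS = """\
TCP: DhcpNameServer = 89.101.160.4 89.101.160.5
FF - ProfilePath - c:\\documents and settings\\Owner\\Application Data\\Mozilla\\Firefox\\Profiles\\hgyo0tmo.default\\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680812&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ig#
FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
"""

# One DDS pref line: "FF - prefs.js: <pref name> - <value>"
PREF_RE = re.compile(r"^FF - prefs\.js: (?P<name>\S+) - (?P<value>.*)$")

# Assumption for illustration: substring the search host should contain for a given engine name.
ENGINE_HOST_HINTS = {"google": ("google.",)}


def refang(value):
    """DDS writes hxxp/hxxps so URLs are not clickable; restore the scheme so urlparse works."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", value.strip())


def parse_ff_prefs(text):
    """Return {pref name: value} for every 'FF - prefs.js:' line in a DDS log."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group("name")] = refang(m.group("value"))
    return prefs


def host_of(value):
    """Hostname of a URL-valued pref; '' for non-URL values such as an engine name."""
    return urlparse(value).hostname or ""


def pref_hosts(prefs):
    """Map each pref to the hostname its value points at (useful for a quick eyeball check)."""
    return {name: host_of(v) for name, v in prefs.items()}


def search_redirect_mismatches(prefs):
    """Pref names whose search URL host does not match the engine the user selected.

    A selectedEngine of Google combined with a defaulturl or keyword.URL on an
    unrelated host means typed searches are routed somewhere the user did not pick.
    """
    engine = prefs.get("browser.search.selectedEngine", "").lower()
    hints = ENGINE_HOST_HINTS.get(engine)
    if not hints:
        return []  # unknown engine: nothing to compare against
    mismatched = []
    for name in ("browser.search.defaulturl", "keyword.URL"):
        host = host_of(prefs.get(name, ""))
        if host and not any(h in host for h in hints):
            mismatched.append(name)
    return mismatched


if __name__ == "__main__":
    prefs = parse_ff_prefs(SAMPLE_DDS)
    for name, host in pref_hosts(prefs).items():
        print(f"{name:35} -> {host or '(not a URL)'}")
    print("search prefs not on the selected engine:", search_redirect_mismatches(prefs))
```

Run against a full DDS log the same way; the homepage is reported but not flagged, since it stays on the selected engine's domain.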
 
Kindly revisit this:
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Reminder to be patient
If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
You have given me almost no information. I first asked:
Also describe problems-other than 'slow' if any.
Got no answer, so I was more specific:
Please explain to me:
1. What is slow? Loading? Surfing? Shutdown? Answered
2. What type of 'cleaning' are you referring to? Regular maintenance? Malware? Or both?
Partly answered. You did not give any indication of what problems you were having scanning with AVG.
3. How much RAM do you have installed? (Control Panel> System> Properties) The RAM figure of 2.96 which I assume to be 2.96GB indicates you're maxed out on RAM for a 32bit system. You may have put chips adding up to 4GB, but the system won't recognize over 3GB because of its design
And then recommended:
I recommend uninstalling all of the following:
The first 2 are file sharing programs
µTorrent
BearShare
The following are unnecessary processes for functions that can be done with what is already on the OS:
BitMeter
Odkurzacz 12.2
RegistryFix v7.0
Total Uninstall 5.8.0
User Profile Helper Cleanup Service
c:\program files\allplayer\ALLUpdate.exe"<<<<<< Malware
You did not reply if this had been done and if it had, if the system speeded up at all.

I gave you instructions to empty the Java cache because of malware entries. Did you do it?

And you sent me a PM 'reminder'-again- to look at your logs after 1 day. If you still need assistance, please give me some specific information about the current problem. "Slow" doesn't mean much when a system is full of old files as yours was!
 