TechSpot

Pc is working slowly, not cleaned in long time

Inactive
By chidori
Jun 13, 2011
  1. chidori
    DDS (Ver_2011-06-12.02) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
    Run by Owner at 9:54:19 on 2011-06-13
    Microsoft Windows XP Professional 5.1.2600.3.1252.48.1033.18.3033.2267 [GMT 1:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
    svchost.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgfws8.exe
    C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
    svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\svchost.exe -k UPHClean
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSMonitor.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.bearshare.com/
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    mWinlogon: SfcDisable=-99 (0xffffff9d)
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: IplexToALLPlayer: {df925ef3-7a87-44e4-9caf-8d7b280bf616} - c:\progra~1\allpla~1\iplex\IPLEXT~1.DLL
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: IEPluginBHO: {f5cc7f02-6f4e-4462-b5b1-394a57fd3e0d} - IEPluginBHO Class
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [ALLUpdate] "c:\program files\allplayer\ALLUpdate.exe" "sleep"
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [AVGIDS] "c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSUI.exe"
    mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bitmet~1.lnk - c:\program files\codebox\bitmeter\BitMeter2.exe
    mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    mPolicies-explorer: MaxRecentDocs = 18 (0x12)
    mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    mPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
    mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Authentication Packages = msv1_0 nwprovau
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\hgyo0tmo.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680812&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ig#
    FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
    FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\hgyo0tmo.default\extensions\{58beca16-cae6-4b7a-a0e8-153d0cbba63a}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\hgyo0tmo.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\all users\application data\gadu-gadu 10\_userdata\npgg.4.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npganymedenet.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\opera\program\plugins\NPDocBox.dll
    FF - plugin: c:\program files\opera\program\plugins\nppdf32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [2009-2-26 25608]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-7-26 12552]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-26 335240]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-26 27784]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-26 108552]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-6-5 218688]
    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2010-7-27 908056]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2010-7-27 297752]
    R2 avgfws8;AVG8 Firewall;c:\progra~1\avg\avg8\avgfws8.exe [2010-7-27 1370488]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSAgent.exe [2009-2-26 5576712]
    R2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\avg\avg8\identityprotection\agent\bin\AVGIDSWatcher.exe [2009-2-26 563720]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-26 29208]
    R3 AVGIDSDriver;AVGIDSDriver;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-2-26 121352]
    R3 AVGIDSFilter;AVGIDSFilter;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-2-26 30216]
    R3 AVGIDSShim;AVGIDSShim;c:\program files\avg\avg8\identityprotection\agent\driver\platform_xp\AVGIDSShim.sys [2009-2-26 27232]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2010-5-12 110080]
    R3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\drivers\vmc302.sys [2010-8-16 242048]
    S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [2010-1-23 9472]
    S2 gupdate;Usluga Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-12 133104]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-7-25 1691480]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-9-17 16512]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg8\toolbar\ToolbarBroker.exe [2010-10-26 947528]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-26 29208]
    S3 gupdatem;Usluga Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-12 133104]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-12 39984]
    .
    =============== Created Last 30 ================
    .
    2011-06-12 21:30:05 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
    2011-06-12 21:29:55 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-12 21:29:53 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-06-12 21:29:50 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-12 21:29:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-11 19:01:48 810496 ----a-w- c:\windows\system32\xvidcore.dll
    2011-06-11 19:01:48 797184 ----a-w- c:\windows\system32\ac3filter.ax
    2011-06-11 19:01:48 258048 ----a-w- c:\windows\system32\libFLAC.dll
    2011-06-11 19:01:42 -------- d-----w- c:\program files\ALLPlayer
    2011-06-06 17:48:17 -------- d--h--w- c:\windows\PIF
    2011-06-05 12:04:52 -------- d-----w- c:\program files\OpenAL
    2011-06-05 12:04:41 -------- d-----w- c:\windows\Puzzle Quest
    2011-06-05 12:04:40 -------- d-----w- c:\program files\Puzzle Quest
    2011-06-05 11:58:41 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-06-05 11:57:42 -------- d-----w- c:\program files\DAEMON Tools Lite
    2011-06-05 11:57:21 -------- d-----w- c:\documents and settings\owner\application data\DAEMON Tools Lite
    2011-06-05 11:57:21 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Lite
    2011-06-04 20:17:47 -------- d-----w- c:\program files\Terminal Reality
    2011-06-04 17:46:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-03 12:59:01 -------- d-----w- c:\program files\PeerGuardian2
    2011-05-30 10:05:04 -------- d-----w- c:\documents and settings\all users\application data\AlawarWrapper
    2011-05-30 10:04:32 -------- d-----w- c:\program files\Gry.Pl
    2011-05-26 09:36:06 -------- d-----w- c:\program files\SubEdit-Player
    2011-05-16 18:21:38 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
    2011-05-16 18:21:38 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
    2011-05-16 18:21:38 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
    2011-05-16 18:21:38 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
    2011-05-16 18:21:38 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
    2011-05-16 18:21:37 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
    2011-05-16 18:21:37 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
    2011-05-16 18:21:37 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-05-16 14:56:23 25600 ----a-w- c:\windows\system32\drivers\hidbth.sys
    2011-05-16 14:55:37 37888 ----a-w- c:\windows\system32\drivers\bthmodem.sys
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 9:55:16,92 ===============

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6842

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    2011-06-13 10:14:21
    mbam-log-2011-06-13 (10-14-21).txt

    Scan type: Quick scan
    Objects scanned: 146048
    Time elapsed: 7 minute(s), 50 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
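    The DDS "Pseudo HJT Report" section above is where a helper looks first: start page and search URLs (DDS writes them as hxxp:// so they cannot be clicked), BHOs, Run keys and the Winlogon line. The log shows three search-engine entries pointing at search.bearshare.com, search.conduit.com and radiobar.toolbarhome.com, a BHO (IEPluginBHO) listed with a class name instead of a DLL path, and `mWinlogon: SfcDisable=-99 (0xffffff9d)`, the value that turns Windows File Protection off on XP. The following is an added example, not part of the thread and not part of the DDS tool: it parses those line formats and returns the entries worth asking about. The sample lines are copied from the log above; the trusted-host list and the heuristics are this example's own assumptions.

```python
"""Triage of a DDS "Pseudo HJT Report" section.

Added example for this thread; not part of the original posts and not part
of DDS itself. It reads the line formats DDS prints (uStart Page, mWinlogon,
BHO:, uRun:/mRun:/dRun:, FF - prefs.js) and returns the entries a helper
would question. TRUSTED_SEARCH_HOSTS and the heuristics are assumptions
made for this example.
"""
import re
from urllib.parse import urlparse

# Sample input: lines copied from the DDS log posted above.
SAMPLE_LINES = [
    r"uStart Page = hxxp://search.bearshare.com/",
    r"mWinlogon: SfcDisable=-99 (0xffffff9d)",
    r"BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll",
    r"BHO: IEPluginBHO: {f5cc7f02-6f4e-4462-b5b1-394a57fd3e0d} - IEPluginBHO Class",
    r"uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe",
    r"mRun: [RTHDCPL] RTHDCPL.EXE",
    r"FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680812&SearchSource=3&q={searchTerms}",
    r"FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ig#",
    r"FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=",
]

# Assumption: home-page / search hosts the reviewer treats as expected.
TRUSTED_SEARCH_HOSTS = {"www.google.com", "www.google.pl", "www.bing.com"}

URL_KEYS = ("Start Page", "browser.search.defaulturl",
            "browser.startup.homepage", "keyword.URL")
BHO_RE = re.compile(r"^BHO: (?P<name>.+?): \{(?P<clsid>[0-9a-f-]{36})\} - (?P<target>.+)$", re.I)
RUN_RE = re.compile(r"^[umd]Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def refang(url):
    """DDS writes hxxp:// so the log is not clickable; restore http for parsing."""
    return re.sub(r"^hxxp", "http", url, flags=re.I)


def url_host(line):
    """Pull the host out of a 'key = hxxp://...' or 'key - hxxp://...' line."""
    tail = line.split(" - ")[-1] if " - " in line else line.split("=", 1)[-1]
    return (urlparse(refang(tail.strip())).hostname or "").lower()


def triage_hjt(lines):
    """Return (kind, detail, line) tuples for entries that need a second look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if any(k in line for k in URL_KEYS) and "hxxp" in line.lower():
            host = url_host(line)
            if host not in TRUSTED_SEARCH_HOSTS:
                findings.append(("search-hijack", host, line))
        elif line.startswith("mWinlogon:") and "SfcDisable=" in line:
            # SFCDisable=0xFFFFFF9D (-99) turns Windows File Protection off on
            # XP, so replaced system files are no longer restored automatically.
            findings.append(("wfp-disabled", line.split(": ", 1)[1], line))
        elif m := BHO_RE.match(line):
            # A BHO that resolves to a class name instead of a DLL has no file
            # on disk to scan; the CLSID has to be looked up in the registry.
            if not m["target"].lower().endswith((".dll", ".ocx")):
                findings.append(("bho-no-file", m["name"], line))
        elif m := RUN_RE.match(line):
            cmd = m["cmd"]
            exe = cmd.split('"')[1] if cmd.startswith('"') else cmd.split(" ")[0]
            # A bare file name is resolved through the search path at logon, so
            # a same-named file placed earlier on that path would run instead.
            if "\\" not in exe and "/" not in exe:
                findings.append(("run-bare-filename", m["name"], line))
    return findings


if __name__ == "__main__":
    for kind, detail, line in triage_hjt(SAMPLE_LINES):
        print(f"{kind:18} {detail:28} {line}")
```

    Run against the lines above it reports the three search-engine redirects, the disabled File Protection, the path-less IEPluginBHO entry and the bare `RTHDCPL.EXE` Run value; the AVG BHO, the PeerGuardian Run entry and the google.pl home page pass. Flagged entries are leads to verify (CLSID lookup, file on disk, signature), not verdicts.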
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! Please note that this forum is not a 'laundry service.' There are many reasons for a slow computer.

    Your antivirus program AVG v8 is out of date.
    You have no antimalware (spyware) programs running except what is bundled in AVG, and that is out of date.
    You can expect problems due to your file sharing.


    There is another log from DDS. It is named Attach.txt. If you think you have malware, please include that log in your next reply (do not zip it) so I can see what other vulnerabilities you may have in addition to BearShare.
    Complete the additional steps in the Preliminary Virus and Malware Removal thread HERE
    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Also describe problems-other than 'slow' if any.
    ===========================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Reminder to be patient
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
     
  3. chidori

    chidori TS Rookie Topic Starter

    Thanks for the fast response. I have updated the antivirus. What antimalware can you suggest? Thanks a lot.
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-12.02)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2010-05-12 22:12:45
    System Uptime: 2011-06-13 09:42:55 (0 hours ago)
    .
    Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | R510/P510
    Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | U2E1 | 1995/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 29 GiB total, 1,222 GiB free.
    D: is FIXED (NTFS) - 120 GiB total, 50,09 GiB free.
    E: is CDROM ()
    F: is CDROM (CDFS)
    G: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Atheros AR5007EG Wireless Network Adapter
    Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_7131144F&REV_01\4&1A9C2D41&0&00E0
    Manufacturer: Atheros
    Name: Atheros AR5007EG Wireless Network Adapter
    PNP Device ID: PCI\VEN_168C&DEV_001C&SUBSYS_7131144F&REV_01\4&1A9C2D41&0&00E0
    Service: AR5416
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
    Device ID: PCI\VEN_11AB&DEV_4363&SUBSYS_C042144D&REV_13\4&3905AE0C&0&00E3
    Manufacturer: Marvell
    Name: Marvell Yukon 88E8055 PCI-E Gigabit Ethernet Controller
    PNP Device ID: PCI\VEN_11AB&DEV_4363&SUBSYS_C042144D&REV_13\4&3905AE0C&0&00E3
    Service: yukonwxp
    .
    Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
    Description: SM Bus Controller
    Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_C042144D&REV_03\3&11583659&0&FB
    Manufacturer:
    Name: SM Bus Controller
    PNP Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_C042144D&REV_03\3&11583659&0&FB
    Service:
    .
    ==== System Restore Points ===================
    .
    RP1: 2010-05-12 22:14:39 - System Checkpoint
    RP2: 2010-05-12 16:16:33 - Installed Microsoft .NET Framework 2.0 Service Pack 2
    RP3: 2010-05-12 16:18:16 - Installed Windows KB971276-v3.
    RP4: 2010-05-12 16:18:25 - Installed RGB9RAST
    RP5: 2010-05-12 16:18:29 - Installed Microsoft .NET Framework 3.0 Service Pack 2
    RP6: 2010-05-12 16:19:52 - Installed Microsoft .NET Framework 3.5 Service Pack 1
    RP7: 2010-05-12 16:20:52 - Installed Java(TM) 6 Update 18
    RP8: 2010-05-12 16:21:17 - Installed User Profile Helper Cleanup Service
    RP9: 2010-05-12 16:21:27 - Installed Alt-Tab Task Switcher Powertoy for Windows XP
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe Acrobat 5.0
    Adobe Flash Player 10 Plugin
    Adobe Shockwave Player 11.5
    ALLPlayer V4.X
    Archiwizator WinRAR
    AVG 8.5
    AVG Identity Protection
    BearShare
    BitMeter
    DAEMON Tools Lite
    EuroPlus+ Angielski z Cambridge
    Foxit Reader
    Gadu-Gadu 10
    Google Chrome
    Google Earth Plug-in
    Google Update Helper
    Grand Theft Auto Vice City
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Icy Tower v1.4
    Intel(R) Graphics Media Accelerator Driver
    ISO Commander 1.6 (remove only)
    Java Auto Updater
    Java(TM) 6 Update 24
    Malwarebytes' Anti-Malware wersja 1.51.0.1200
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 1.1 Service Pack 1
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 Service Pack 1
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mobile Partner
    Mozilla Firefox 4.0.1 (x86 en-GB)
    MSXML 4.0 SP3 Parser (KB973685)
    NapiProjekt 1.0.6.9
    Nokia Connectivity Cable Driver
    NVIDIA Drivers
    NVIDIA PhysX v8.10.29
    Odkurzacz 12.2
    Open Command Prompt Shell Extension (x86-32)
    OpenAL
    OpenOffice.org 3.2
    Paint.NET v3.5.5
    PeerGuardian 2.0
    Puzzle Quest
    QuickTime Alternative 3.1.0
    Realtek High Definition Audio Driver
    RegistryFix v7.0
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2483614)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Skype™ 5.0
    System Requirements Lab CYRI
    Total Uninstall 5.8.0
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB980302)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    User Profile Helper Cleanup Service
    Vimicro UVC Camera
    VLC media player 1.1.4
    WebFldrs XP
    Winamp
    Winamp Detector Plug-in
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
    Windows Media Player Firefox Plugin
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
    YDP Flash Speech Recognition Support 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2011-06-07 17:41:51, error: SR [1] - The System Restore filter encountered the unexpected error '0xC0000035' while processing the file 'ntuser.ini' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    2011-06-06 05:58:49, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The system cannot find the file specified.
    2011-06-06 05:58:10, error: SR [1] - The System Restore filter encountered the unexpected error '0xC0000035' while processing the file 'LastGood' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    .
    ==== End Of File ===========================
     
  4. Bobbye


    Please explain to me:
    1. What is slow? Loading? Surfing? Shutdown?
    2. What type of 'cleaning' are you referring to? Regular maintenance? Malware? Or both?
    3. How much RAM do you have installed? (Control Panel> System> Properties)
    =====================================
    I recommend uninstalling all of the following:
    The first 2 are file sharing programs
    µTorrent
    BearShare

    The following are unnecessary processes for functions that can be done with what is already on the OS:
    BitMeter
    Odkurzacz 12.2
    RegistryFix v7.0
    Total Uninstall 5.8.0
    User Profile Helper Cleanup Service
    c:\program files\allplayer\ALLUpdate.exe <<<<<< Malware

    =================================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on the ESET Smart Installer link to download it. Save it to your desktop.
      [o] Double click on the installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =====================================
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    =========================================
    Please leave the Combofix and Eset scan logs in your next reply.
     
  5. chidori


    1. Startup and browsing. 2. Mostly just antivirus scanning. 3. 2.96 RAM.

    ESET:
    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\1\4cb45281-5a02d592 multiple threats
    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\22\6e433856-570fc694 probably a variant of Win32/Agent.RPSVWU trojan
    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\24\42f2dad8-4441b72b probably a variant of Win32/Agent.RPSVWU trojan
    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\28\20d825dc-70987555 multiple threats
    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\3\64414e83-241c4b5a a variant of Java/Agent.BR trojan
    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\32\31cee7a0-7eb1de93 probably a variant of Java/Agent.BR trojan
    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\49\665ffb1-59a38539 probably a variant of Java/Agent.BR trojan
    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\62\fea4bbe-7b56b0f6 a variant of Java/Agent.BR trojan
    C:\Program Files\EuroPlus+ Angielski z Cambridge\data\fscommand\flchk.exe probably a variant of Win32/Agent.FKLKKJW trojan

    P.S. I can't run Combofix because of AVG. Any suggestions?
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Sorry, I should have left this for you. AVG has left no way for us to disable it to run ComboFix, so it has to be temporarily uninstalled first:
    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A selection screen will appear.
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.
    There is no log to leave for the App Remover.

    Temporary AV: Use one:
    Avira-AntiVir-Personal-Free-Antivirus
    Avast Free Version
    =============================
    Reboot the computer after removing AVG and installing one of the temporary AV programs. ComboFix should run okay now.
    =============================
    Most of the malware is in the Java cache, so we will empty it (no log for this).
    To clear the Java Plug-in cache:

    1. Click Start > Control Panel.
    2. Double-click the Java icon in the Control Panel. The Java Control Panel appears.
    3. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
    4. Click Delete Files. The Delete Temporary Files dialog box appears.
    5. Click OK on the Delete Temporary Files window.
       Note: This deletes all the downloaded applications and applets from the cache.
    6. Click Apply > OK on the Temporary Files Settings window.
    =======================================
    Please download OTMoveIt by OldTimer and save it to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files  
      C:\Program Files\EuroPlus+ Angielski z Cambridge\data\fscommand\flchk.exe
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ===================================
    Please leave the OTM log and the ComboFix log in your next reply.
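The reasoning in the reply above (Java-cache hits are cleared wholesale via the Java Control Panel, while a file under Program Files needs a targeted OTMoveIt move) can be mechanised. The following is an added example written for this thread, not ESET, OTMoveIt or TechSpot code: it parses the ESET detection lines the poster pasted, classifies each hit by where it lives, and renders the OTM ":Files" block in the layout the helper used. ESET_LINES is a constructed sample adapted from the post; the location rules in classify() are this example's own assumptions.

```python
"""Triage of an ESET online-scanner detection list.

Added example for this thread, not ESET or TechSpot code. ESET_LINES is a
constructed sample adapted from the list posted above; the location rules
in classify() and the OTM script layout are this example's own assumptions
(the OTM block mirrors the one the helper posted).
"""
import re

# Constructed sample: five of the lines from the ESET report above.
ESET_LINES = r"""
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\1\4cb45281-5a02d592 multiple threats
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\22\6e433856-570fc694 probably a variant of Win32/Agent.RPSVWU trojan
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\3\64414e83-241c4b5a a variant of Java/Agent.BR trojan
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\32\31cee7a0-7eb1de93 probably a variant of Java/Agent.BR trojan
C:\Program Files\EuroPlus+ Angielski z Cambridge\data\fscommand\flchk.exe probably a variant of Win32/Agent.FKLKKJW trojan
"""

# ESET prints "<path> <verdict>"; paths contain spaces, so the verdict is
# anchored on the phrasings the scanner uses rather than on whitespace.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<verdict>multiple threats|"
    r"(?:probably )?a variant of (?P<family>\S+)(?: trojan)?)$")


def classify(path):
    """Where the file lives decides the remedy (assumed rules)."""
    p = path.lower()
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java-cache"          # Java Control Panel > Delete Files clears all of these
    if "\\temporary internet files\\" in p:
        return "browser-cache"
    if p.startswith("c:\\program files\\"):
        return "installed-program"   # needs a targeted move/quarantine
    return "other"


def parse(text):
    """One dict per detection line; raises on a line the regex cannot read."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError("unrecognised ESET line: " + line)
        findings.append({"path": m["path"], "verdict": m["verdict"],
                         "family": m["family"], "location": classify(m["path"])})
    return findings


def plan(findings):
    """Collapse the findings into the actions a helper would hand back."""
    return {
        "empty_java_cache": sum(f["location"] == "java-cache" for f in findings),
        "empty_browser_cache": sum(f["location"] == "browser-cache" for f in findings),
        "move_files": [f["path"] for f in findings
                       if f["location"] in ("installed-program", "other")],
        "families": sorted({f["family"] for f in findings if f["family"]}),
    }


def otm_script(paths):
    """Render an OTMoveIt 'Paste Instructions' block in the layout used above."""
    lines = [":Files", *paths, ":Commands", "[purity]", "[emptytemp]",
             "[start explorer]", "[Reboot]"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    actions = plan(parse(ESET_LINES))
    print("Java cache entries to flush:", actions["empty_java_cache"])
    print("Families seen:", ", ".join(actions["families"]))
    print(otm_script(actions["move_files"]))
```

The Java-cache entries are the residue of applets served to an out-of-date JRE (the reply later in this thread asks for the Java update for the same reason); clearing the cache removes the artefacts, patching Java removes the way in.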
     
  7. chidori

    chidori TS Rookie Topic Starter

    ComboFix 11-06-15.04 - Owner 2011-06-16 14:12:06.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.48.1033.18.3033.2222 [GMT 1:00]
    Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Owner\WINDOWS
    c:\windows\ST6UNST.000
    c:\windows\system32\system
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-16 to 2011-06-16 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-16 13:18 . 2011-06-16 13:18 -------- d-----w- c:\windows\system32\xircom
    2011-06-16 13:18 . 2011-06-16 13:18 -------- d-----w- c:\windows\system32\wbem\snmp
    2011-06-16 13:18 . 2011-06-16 13:18 -------- d-----w- c:\windows\system32\oobe
    2011-06-16 13:18 . 2011-06-16 13:18 -------- d-----w- c:\program files\microsoft frontpage
    2011-06-16 13:03 . 2011-06-16 13:04 -------- d-----w- c:\windows\LastGood.Tmp
    2011-06-16 12:59 . 2011-06-16 12:59 -------- d-----w- C:\_OTM
    2011-06-16 12:55 . 2011-04-01 16:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-06-16 12:55 . 2011-04-01 16:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-06-16 12:55 . 2010-06-17 14:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-06-16 12:55 . 2010-06-17 14:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-06-16 12:55 . 2011-06-16 12:55 -------- d-----w- c:\program files\Avira
    2011-06-16 12:55 . 2011-06-16 12:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-06-14 12:35 . 2011-06-14 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-06-14 12:35 . 2011-06-14 12:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-06-14 09:10 . 2011-06-14 09:10 -------- d-----w- c:\documents and settings\Owner\Application Data\Divo Games
    2011-06-12 21:30 . 2011-06-12 21:30 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2011-06-12 21:29 . 2011-05-29 08:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-12 21:29 . 2011-06-12 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-06-12 21:29 . 2011-06-12 21:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-12 21:29 . 2011-05-29 08:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-11 19:01 . 2009-09-27 22:02 797184 ----a-w- c:\windows\system32\ac3filter.ax
    2011-06-06 17:48 . 2011-06-06 17:48 -------- d--h--w- c:\windows\PIF
    2011-06-05 12:04 . 2011-06-05 12:04 -------- d-----w- c:\program files\OpenAL
    2011-06-05 12:04 . 2011-06-05 12:04 -------- d-----w- c:\windows\Puzzle Quest
    2011-06-05 11:58 . 2011-06-05 12:03 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-06-05 11:57 . 2011-06-05 11:58 -------- d-----w- c:\program files\DAEMON Tools Lite
    2011-06-05 11:57 . 2011-06-05 12:04 -------- d-----w- c:\documents and settings\Owner\Application Data\DAEMON Tools Lite
    2011-06-05 11:57 . 2011-06-05 11:57 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2011-06-04 17:46 . 2011-06-11 15:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-03 12:59 . 2011-06-14 17:17 -------- d-----w- c:\program files\PeerGuardian2
    2011-05-30 10:05 . 2011-05-30 10:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
    2011-05-30 10:04 . 2011-05-30 10:07 -------- d-----w- c:\program files\Gry.Pl
    2011-05-26 09:36 . 2011-05-26 09:39 -------- d-----w- c:\program files\SubEdit-Player
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-16 18:21 . 2011-05-16 18:21 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2010-01-23 . BA8C046D98345129723E6BCAA1E8AB99 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
    [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
    .
    .
    c:\windows\System32\wscntfy.exe ... is missing !!
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-22 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-22 178712]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-22 150040]
    "RTHDCPL"="RTHDCPL.EXE" [2010-07-06 19556968]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "_nltide_3"="advpack.dll" [2010-01-23 128512]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bitmeter2.lnk - c:\program files\Codebox\BitMeter\BitMeter2.exe [2010-6-13 1462272]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "MaxRecentDocs"= 18 (0x12)
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoRecentDocsNetHood"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-06-05 218688]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-06-16 136360]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2010-05-12 110080]
    R3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\drivers\vmc302.sys [2010-08-16 242048]
    S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [2010-01-23 9472]
    S2 gupdate;Usluga Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 133104]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-07-25 1691480]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-09-17 16512]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe [?]
    S3 gupdatem;Usluga Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 133104]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 21:01]
    .
    2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 21:01]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.bearshare.com/
    TCP: DhcpNameServer = 89.101.160.4 89.101.160.5
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\hgyo0tmo.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680812&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ig#
    FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    Notify-avgrsstarter - (no file)
    Notify-RailNotification - (no file)
    AddRemove-Gadu-Gadu 10 - c:\program files\Gadu-Gadu 10\Uninstall.exe
    AddRemove-Marine Puzzle_is1 - c:\program files\GameTop.com\Marine Puzzle\unins000.exe
    AddRemove-Mobile Partner - c:\program files\Mobile Partner\uninst.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-16 14:19
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1935655697-706699826-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**4*$%\OpenWithList]
    @Class="Shell"
    "a"="uTorrent.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-1935655697-706699826-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**4*$%\OpenWithProgids]
    "4+_auto_file"=hex(0):
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2668)
    c:\windows\system32\WININET.dll
    c:\program files\Windows Media Player\wmpband.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\rundll32.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    .
    **************************************************************************
    .
    Completion time: 2011-06-16 14:22:37 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-06-16 13:22
    .
    Pre-Run: 14*045*884*416 bytes free
    Post-Run: 13*960*540*160 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
    .
    - - End Of File - - 6655CF49F48FEF835DD4566905C150F8

    All processes killed
    ========== FILES ==========
    C:\Program Files\EuroPlus+ Angielski z Cambridge\data\fscommand\flchk.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Custom Settings

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Owner
    ->Temp folder emptied: 119132947 bytes
    ->Temporary Internet Files folder emptied: 6513860 bytes
    ->Java cache emptied: 7434817 bytes
    ->FireFox cache emptied: 282085402 bytes
    ->Google Chrome cache emptied: 142594659 bytes
    ->Opera cache emptied: 450382 bytes
    ->Flash cache emptied: 290657 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 44256249 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 4710660547 bytes

    Total Files Cleaned = 5*067,00 mb


    OTM by OldTimer - Version 3.1.18.0 log created on 06162011_135927
    thanks
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I strongly recommend that you 'clean' the system on a regular basis: From OTM:
    Total Files Cleaned = 5*067,00 mb.
    RecycleBin emptied: 4710660547 bytes

    This is such an extraordinary number, it is very obvious that even excluding any malware, you aren't doing any maintenance on the system.

    This was the main reason you were slow. How can you expect anything less while carrying around all those files?!
    =========================================================
    I strongly recommend that you do this if you have not done so already:
    ========================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    KillAll::
    File::
    c:\windows\system32\drivers\dumpdrv.sys
    Extra::
    File::
    Firefox::
    Firefox-: - Profile - c:\documents and settings\owner\application data\mozilla\firefox\profiles\hgyo0tmo.default\
    Firefox-: - prefs.js-Search.DefaultURL
    DDS::
    uStart Page = hxxp://search.bearshare.com/
    mWinlogon: SfcDisable=-99 (0xffffff9d)
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=-
    Driver::
    DumpDrv
    FCopy::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe.

    Then drag CFScript.txt onto ComboFix.exe.

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it in your next reply.
    =========================================
    Adobe Reader v5: Uninstall in Add/Remove Programs as you have the FoxIt PDF Reader.
    Update Java: Java Updates. Uninstall any earlier versions in Add/Remove Programs, as they are vulnerabilities for the system. (v6u24)
    =========================================
    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Copy the content of the following codebox into the main textfield:
      Code:
      :filefind
      wscntfy.*
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
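Two checks in the reply above are worth seeing as code: the SystemLook ":filefind" search for every copy of wscntfy.* (ComboFix reported the system32 copy missing), and the Sigcheck idea of comparing a live system32 file against its Windows File Protection copy in system32\dllcache. The block below is an added example, not SystemLook or ComboFix code. build_demo_tree() creates a throwaway stand-in for the Windows directory (constructed data, not the poster's machine) so it runs anywhere; its directory layout and file contents are assumptions made for the demo.

```python
"""SystemLook-style file search plus a dllcache cross-check.

Added example; this is not SystemLook or ComboFix code. build_demo_tree()
creates a throwaway stand-in for the Windows directory (constructed data,
not the poster's machine): tcpip.sys in system32 differs from its dllcache
copy, as in the Sigcheck lines above, and wscntfy.exe survives only in
dllcache. The layout and file contents are assumptions made for the demo.
"""
import fnmatch
import hashlib
import os
import tempfile
import time


def md5_of(path):
    """Streaming MD5, upper-case hex, to match the digests ComboFix prints."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def filefind(root, pattern):
    """Like SystemLook ':filefind': every file under root matching the wildcard,
    as (path, size, mtime UTC, MD5), so a missing or duplicated binary shows up."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if fnmatch.fnmatch(name.lower(), pattern.lower()):
                p = os.path.join(dirpath, name)
                st = os.stat(p)
                stamp = time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(st.st_mtime))
                hits.append((p, st.st_size, stamp, md5_of(p)))
    return sorted(hits)


def dllcache_check(windir, relpath):
    """Compare system32/<relpath> with the Windows File Protection copy in
    system32/dllcache (matched by basename, as ComboFix's Sigcheck pairs them)."""
    live = os.path.join(windir, "system32", relpath)
    cached = os.path.join(windir, "system32", "dllcache", os.path.basename(relpath))
    if not os.path.exists(live):
        return "missing"
    if not os.path.exists(cached):
        return "no-dllcache-copy"
    return "match" if md5_of(live) == md5_of(cached) else "differs"


def _write(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def build_demo_tree():
    """Constructed stand-in for the Windows directory (assumed layout/content)."""
    root = tempfile.mkdtemp(prefix="demo_windir_")
    sys32 = os.path.join(root, "system32")
    _write(os.path.join(sys32, "drivers", "tcpip.sys"), b"tcpip 5.1.2600.5649")
    _write(os.path.join(sys32, "dllcache", "tcpip.sys"), b"tcpip 5.1.2600.5625")
    _write(os.path.join(sys32, "calc.exe"), b"calc")
    _write(os.path.join(sys32, "dllcache", "calc.exe"), b"calc")
    _write(os.path.join(sys32, "dllcache", "wscntfy.exe"), b"wscntfy")   # live copy absent
    return root


if __name__ == "__main__":
    windir = build_demo_tree()
    for hit in filefind(windir, "wscntfy.*"):
        print(hit)
    for rel in ("drivers/tcpip.sys", "calc.exe", "wscntfy.exe"):
        print(rel, dllcache_check(windir, rel))
```

When the search finds a dllcache copy but no live copy, the SystemLook result tells the helper a restore from dllcache (or from the installation media) is possible; a "differs" result on a driver still has to be reconciled against the version strings before anything is replaced.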
     
  9. chidori

    chidori TS Rookie Topic Starter

    ComboFix 11-06-17.04 - Owner 2011-06-17 22:03:23.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.48.1033.18.3033.2450 [GMT 1:00]
    Running from: d:\desktop\ComboFix.exe
    Command switches used :: d:\desktop\CFScript.txt
    .
    FILE ::
    "c:\windows\system32\drivers\dumpdrv.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\drivers\dumpdrv.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_DumpDrv
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-17 to 2011-06-17 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-17 16:05 . 2011-06-17 16:05 -------- d-----w- c:\program files\Common Files\Java
    2011-06-16 18:14 . 2011-06-16 18:14 -------- d-----w- c:\program files\MSECache
    2011-06-16 13:25 . 2011-06-16 13:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Avira
    2011-06-16 13:18 . 2011-06-16 13:18 -------- d-----w- c:\windows\system32\xircom
    2011-06-16 13:18 . 2011-06-16 13:18 -------- d-----w- c:\windows\system32\wbem\snmp
    2011-06-16 13:18 . 2011-06-16 13:18 -------- d-----w- c:\windows\system32\oobe
    2011-06-16 13:18 . 2011-06-16 13:18 -------- d-----w- c:\program files\microsoft frontpage
    2011-06-16 12:59 . 2011-06-16 12:59 -------- d-----w- C:\_OTM
    2011-06-16 12:55 . 2011-04-01 16:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-06-16 12:55 . 2011-04-01 16:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-06-16 12:55 . 2010-06-17 14:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2011-06-16 12:55 . 2010-06-17 14:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2011-06-16 12:55 . 2011-06-16 12:55 -------- d-----w- c:\program files\Avira
    2011-06-16 12:55 . 2011-06-16 12:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2011-06-14 12:35 . 2011-06-14 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-06-14 12:35 . 2011-06-14 12:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-06-14 09:10 . 2011-06-14 09:10 -------- d-----w- c:\documents and settings\Owner\Application Data\Divo Games
    2011-06-12 21:30 . 2011-06-12 21:30 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2011-06-12 21:29 . 2011-05-29 08:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-06-12 21:29 . 2011-06-12 21:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-06-12 21:29 . 2011-06-12 21:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-06-12 21:29 . 2011-05-29 08:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-11 19:01 . 2009-09-27 22:02 797184 ----a-w- c:\windows\system32\ac3filter.ax
    2011-06-06 17:48 . 2011-06-06 17:48 -------- d--h--w- c:\windows\PIF
    2011-06-05 12:04 . 2011-06-05 12:04 -------- d-----w- c:\program files\OpenAL
    2011-06-05 12:04 . 2011-06-05 12:04 -------- d-----w- c:\windows\Puzzle Quest
    2011-06-05 11:58 . 2011-06-05 12:03 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2011-06-05 11:57 . 2011-06-05 11:58 -------- d-----w- c:\program files\DAEMON Tools Lite
    2011-06-05 11:57 . 2011-06-05 12:04 -------- d-----w- c:\documents and settings\Owner\Application Data\DAEMON Tools Lite
    2011-06-05 11:57 . 2011-06-05 11:57 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
    2011-06-04 17:46 . 2011-06-11 15:50 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-03 12:59 . 2011-06-14 17:17 -------- d-----w- c:\program files\PeerGuardian2
    2011-05-30 10:05 . 2011-05-30 10:05 -------- d-----w- c:\documents and settings\All Users\Application Data\AlawarWrapper
    2011-05-30 10:04 . 2011-05-30 10:07 -------- d-----w- c:\program files\Gry.Pl
    2011-05-26 09:36 . 2011-05-26 09:39 -------- d-----w- c:\program files\SubEdit-Player
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-04 03:52 . 2010-05-12 16:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-04 01:25 . 2010-05-12 16:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-05-16 18:21 . 2011-05-16 18:21 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2010-01-23 . BA8C046D98345129723E6BCAA1E8AB99 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
    [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
    .
    .
    c:\windows\System32\wscntfy.exe ... is missing !!
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-06-16_13.18.58 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-10-26 12:40 . 2006-10-26 12:40 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80KOR.dll
    + 2006-10-26 12:40 . 2006-10-26 12:40 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80JPN.dll
    + 2006-10-26 12:40 . 2006-10-26 12:40 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ITA.dll
    + 2006-10-26 12:40 . 2006-10-26 12:40 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80FRA.dll
    + 2006-10-26 12:40 . 2006-10-26 12:40 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ESP.dll
    + 2006-10-26 12:40 . 2006-10-26 12:40 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80ENU.dll
    + 2006-10-26 12:40 . 2006-10-26 12:40 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80DEU.dll
    + 2006-10-26 12:40 . 2006-10-26 12:40 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHT.dll
    + 2006-10-26 12:40 . 2006-10-26 12:40 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\mfc80CHS.dll
    + 2006-10-26 12:40 . 2006-10-26 12:40 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
    + 2006-10-26 12:40 . 2006-10-26 12:40 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
    + 2006-10-26 12:40 . 2006-10-26 12:40 95744 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll
    + 2011-06-17 21:11 . 2011-06-17 21:11 16384 c:\windows\temp\Perflib_Perfdata_70c.dat
    + 2008-04-14 11:00 . 2011-06-16 13:23 77570 c:\windows\system32\perfc009.dat
    - 2008-04-14 11:00 . 2011-06-16 13:07 77570 c:\windows\system32\perfc009.dat
    + 2011-06-16 18:14 . 2011-06-16 18:14 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
    + 2006-10-26 12:40 . 2006-10-26 12:40 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
    + 2006-10-26 12:40 . 2006-10-26 12:40 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
    + 2006-10-26 12:40 . 2006-10-26 12:40 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
    - 2008-04-14 11:00 . 2011-06-16 13:07 461830 c:\windows\system32\perfh009.dat
    + 2008-04-14 11:00 . 2011-06-16 13:23 461830 c:\windows\system32\perfh009.dat
    - 2011-04-11 13:56 . 2011-02-02 20:40 157472 c:\windows\system32\javaws.exe
    + 2011-06-17 16:04 . 2011-05-04 03:52 157472 c:\windows\system32\javaws.exe
    + 2011-06-17 16:04 . 2011-05-04 03:52 145184 c:\windows\system32\javaw.exe
    - 2011-04-11 13:56 . 2011-02-02 20:40 145184 c:\windows\system32\javaw.exe
    + 2011-06-17 16:04 . 2011-05-04 03:52 145184 c:\windows\system32\java.exe
    - 2011-04-11 13:56 . 2011-02-02 20:40 145184 c:\windows\system32\java.exe
    + 2010-05-12 15:44 . 2011-06-17 05:31 203328 c:\windows\system32\FNTCACHE.DAT
    + 2011-06-17 16:05 . 2011-06-17 16:05 203776 c:\windows\Installer\c96a1.msi
    + 2011-06-16 18:14 . 2011-06-16 18:14 360448 c:\windows\Installer\10f8cae.msi
    + 2006-10-26 12:40 . 2006-10-26 12:40 1079808 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
    + 2006-10-26 12:40 . 2006-10-26 12:40 1093632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-22 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-22 178712]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-22 150040]
    "RTHDCPL"="RTHDCPL.EXE" [2010-07-06 19556968]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "_nltide_3"="advpack.dll" [2010-01-23 128512]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bitmeter2.lnk - c:\program files\Codebox\BitMeter\BitMeter2.exe [2010-6-13 1462272]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "MaxRecentDocs"= 18 (0x12)
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoRecentDocsNetHood"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\RailNotification]
    [BU]
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-06-05 218688]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-06-16 136360]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2010-05-12 110080]
    R3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\drivers\vmc302.sys [2010-08-16 242048]
    S2 gupdate;Usluga Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 133104]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-07-25 1691480]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-09-17 16512]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe [?]
    S3 gupdatem;Usluga Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 133104]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 21:01]
    .
    2011-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 21:01]
    .
    .
    ------- Supplementary Scan -------
    .
    TCP: DhcpNameServer = 89.101.160.4 89.101.160.5
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\hgyo0tmo.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680812&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/ig#
    FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-17 22:12
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1935655697-706699826-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**4*$%\OpenWithList]
    @Class="Shell"
    "a"="uTorrent.exe"
    "MRUList"="a"
    .
    [HKEY_USERS\S-1-5-21-1935655697-706699826-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.**4*$%\OpenWithProgids]
    "4+_auto_file"=hex(0):
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(1180)
    c:\windows\system32\WININET.dll
    c:\program files\Windows Media Player\wmpband.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\agrsmsvc.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\rundll32.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\program files\Google\Chrome\Application\chrome.exe
    c:\program files\Google\Chrome\Application\chrome.exe
    c:\program files\Google\Chrome\Application\chrome.exe
    c:\program files\Google\Chrome\Application\chrome.exe
    c:\program files\Google\Chrome\Application\chrome.exe
    c:\program files\Google\Chrome\Application\chrome.exe
    c:\program files\Google\Chrome\Application\chrome.exe
    c:\program files\Google\Chrome\Application\chrome.exe
    .
    **************************************************************************
    .
    Completion time: 2011-06-17 22:15:40 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-06-17 21:15
    ComboFix2.txt 2011-06-16 13:22
    .
    Pre-Run: 13*417*435*136 bytes free
    Post-Run: 13*409*484*800 bytes free
    .
    - - End Of File - - 21B35C60E35911D3049A9B262AFC8D8F

    SystemLook 04.09.10 by jpshortstuff
    Log created at 22:17 on 17/06/2011 by Owner
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "wscntfy.*"
    No files found.

    -= EOF =-
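The log above contains the entries a helper would normally pick out by hand: Windows Firewall switched off in the standard profile, firewall exceptions for third-party programs, a service whose image ComboFix could not verify (the `[?]` marker), Firefox search preferences pointing at toolbar search hosts, and an orphaned BHO. The script below is an added example, not part of the thread, ComboFix or SystemLook; it parses that log format and flags those entries automatically. `SAMPLE_LOG` is a constructed excerpt in the same format, `KNOWN_ENGINE_HOSTS` is an assumed allowlist, and the finding category names are mine.

```python
# Added example (not part of ComboFix, SystemLook or this thread): flag the
# review-worthy entries in a ComboFix-style log.
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed excerpt in the log format above (ComboFix defangs URLs as hxxp).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-07-06 19556968]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-06-05 218688]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG8\Toolbar\ToolbarBroker.exe [?]
.
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680812&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://radiobar.toolbarhome.com/search.aspx?srch=ku&q=
.
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
"""

# Assumption for this example: hosts the user expects search traffic to reach.
KNOWN_ENGINE_HOSTS = {"www.google.com", "www.google.pl", "www.bing.com"}
SEARCH_PREFS = {"browser.search.defaulturl", "keyword.URL"}

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*)$')
RUN_VALUE_RE = re.compile(r'^"(?P<image>[^"]*)"\s*\[\S+ \d+\]$')
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<image>.*)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.*)$")
ORPHAN_RE = re.compile(r"^BHO-(?P<clsid>\{[0-9A-Fa-f-]+\}) - \(no file\)$")


@dataclass(frozen=True)
class Finding:
    category: str
    detail: str


def triage(log_text: str) -> list[Finding]:
    """Walk the log once, tracking the current registry section, and collect findings."""
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if m := SECTION_RE.match(line):
            section = m.group("key").lower()
        elif m := VALUE_RE.match(line):
            name, value = m.group("name"), m.group("value")
            if section.endswith(("\\run", "\\runonce")):
                rv = RUN_VALUE_RE.match(value)
                image = rv.group("image") if rv else value
                # A bare filename is resolved via the search path at logon, so the
                # log alone does not tell you which file actually ran.
                kind = "autostart" if "\\" in image else "autostart-unqualified-path"
                findings.append(Finding(kind, f"{name} -> {image}"))
            elif name == "EnableFirewall" and value.startswith("0"):
                findings.append(Finding("firewall-disabled", section))
            elif "authorizedapplications\\list" in section and not name.lower().startswith(
                ("%windir%", "%systemroot%")
            ):
                # Firewall exceptions for third-party binaries deserve a second look.
                findings.append(Finding("firewall-exception", name.replace("\\\\", "\\")))
        elif m := SERVICE_RE.match(line):
            if m.group("image").endswith("[?]"):  # ComboFix could not stat the image
                findings.append(Finding("service-image-unverified", m.group("name")))
        elif m := FF_PREF_RE.match(line):
            if m.group("pref") in SEARCH_PREFS:
                # hxxp is ComboFix's defanging; restore it only to parse the host.
                host = urlparse(m.group("value").replace("hxxp", "http", 1)).hostname or ""
                if host not in KNOWN_ENGINE_HOSTS:
                    findings.append(Finding("search-redirect", f"{m.group('pref')} -> {host}"))
        elif m := ORPHAN_RE.match(line):
            findings.append(Finding("orphan-bho", m.group("clsid")))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category, e.g. {'firewall-disabled': 1, ...}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:28} {f.detail}")
```

Run it against a full ComboFix log by reading the file into `triage()`. The script only reports what the log already states; a `search-redirect` or `firewall-exception` finding is a prompt to check the entry, not proof of infection, and the `[?]` on a service line only says ComboFix could not locate the file it points at.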
     
  10. Bobbye (Helper on the Fringe)

    Kindly revisit this:
    =====================================
    You have given me almost no information. I first asked:
    Got no answer, so I was more specific:
    And then recommended:
    You did not reply if this had been done and if it had, if the system speeded up at all.

    I gave you instructions to empty the Java cache because of malware entries. Did you do it?

    And you sent me a PM 'reminder' again to look at your logs after 1 day. If you still need assistance, please give me some specific information about the current problem. "Slow" doesn't mean much when a system is as full of old files as yours was!
     
Topic Status:
Not open for further replies.