Solved Computer acting very strange, suspect infection :(


tm5rto

Hello again, folks!

Well, it's been a nice run for a while, but my PC is acting very strange all of a sudden again. The only thing I can think of is a recent installation of Skype, which my daughter uses. Dell XPS, Win XP Pro, AVG Free

First, when I click on IE shortcut, it launches two separate IE windows simultaneously. When I click on the dropdown arrow, it will not launch until I click on it about three times. At the same time, sometimes when I select a shortcut from the dropdown screen, it jumps to two icons ahead.

When I try to place a cursor on text, it doesn't respond. Of course, when I click on the space several times trying to place a cursor, it just highlights the word.

And of course, the huge drop in performance overall. I don't know if the settings got messed up somehow, but I suspect some sort of virus maybe.

I ran Malwarebytes, SuperAntiSpyware, HJT, AVG, and Advance System Care. None fixed the problem.

Would someone have an idea what's causing this? I appreciate any help or advice!
 

Attachments

  • hijackthis.log
    8.9 KB · Views: 1
We can't 'screen' for malware using HijackThis.

If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

When you have finished, paste the logs into your next reply. Can split over posts if needed.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
 
I'm stuck dealing with GMER. I spent the day trying to get it working. Twice it caused the blue screen, once it just restarted the computer on its own, and several times it just stopped without giving me a chance to save the log. A bunch of times it just says "The Scan stopped". I fooled it by launching the scan on both of my drives, but again it terminated without letting me save the log.

Oh, and completely froze the machine several times. The AVG was turned off, as the firewall.

My machine is down to a crawl, something is seriously ailing it. Can this be done without GMER?
 
Meanwhile, here is the Malwarebytes log
 

Attachments

  • mbam-log-2010-08-28 (13-39-23).txt
    911 bytes · Views: 3
Did you run DDS? We can look at possible reasons for slow computer- it doesn't have to be from malware. One of the DDS logs will show recent System Events which may explain freeze.

You've had several problems in the past few months- don't know if they were fully resolved with exception of the thread I helped you with:
GOYINORO virus took over, please help

4/12/2010
Host files were hijacked,
Problem was resolved 4/18
I fussed at you for Morpheus and uTorrent. You said you removed, system was fine, thread was closed 4/21.
Steps were given to keep system clean and secure. This was not acknowledged.

I remember you had Vista: how much RAM do you have installed? Open the Task Manager and look to lower left> how many processes are running?
 
35 processes running, three users on this machine. I am running 3 gig of RAM, the OS is Win XP Pro, SP 3, Pentium 4, 3.4 GHz
You did a fantastic job getting rid of nasties from our machine a few months back. But now there is something else. I don't know where it's coming from. My daughter visits cartoon and games sites, are those dangerous?
 

Attachments

  • DDS.txt
    12.6 KB · Views: 2
  • Attach.txt
    15.1 KB · Views: 2
1. 35 processes is good.
2. 3 GB RAM should carry all those games.
3. You have filters set up for family safety.
4. The games and cartoons themselves usually are okay- but the sites they come from can bundle adware.
5. I would recommend you uninstall Advance System Care. Neither the site it comes from nor the program itself is good to have.
6. So far the logs are clean. But they aren't complete.
I haven't seen this before:
DDS:
R? fsssvc;Windows Live Family Safety Service
R? gupdate;Google Update Service (gupdate)
R? SASENUM;SASENUM
S? avg9wd;AVG Free WatchDog
S? AvgLdx86;AVG Free AVI Loader Driver x86
S? AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86
S? AvgTdiX;AVG Free Network Redirector
S? fssfltr;fssfltr
S? MMIndexer;Media Manager Indexer
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? sfsync03;StarForce Protection Synchronization Driver (version 3.x)


All drivers and Services have a ? mark- no status showing.

And for the Attach.txt log: you have this:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Pyotr at 11:13:59.29 on Tue 08/31/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

============== Installed Programs ===============

But you should have this:
DDS (Ver_10-03-17.01)
(the following information is only an example of what should be included in the log)

Microsoft Windows your operating system
Boot Device: \Device\HarddiskVolume2
Install Date: 10/26/2004 4:18:19 PM
System Uptime: 8/19/2010 5:51:31 PM (1 hours ago)

Motherboard: your motherboard
Processor: Your processor
==== Disk Partitions =========================
(your partitions showing space 'free')
A: is Removable
C: is FIXED (NTFS) - Yours
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============
**********
==== System Restore Points ===================
*********
RP1:***** - System Checkpoint

And following the Running Processes, there should be this:
==== Event Viewer Messages From Past Week ========
******

The program puts all this in automatically- where is it?

Please check the status of the Services first. Right now, I see a system problem not malware
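
A check for the two symptoms pointed out above (every Services/Drivers entry showing `?`, and Attach.txt missing the sections DDS normally writes), as an added Python example that is not part of the thread or of DDS. The section titles come from the helper's post; the function names, the sample excerpts and the `S2 ExampleSvc` line are constructed, and treating any status character other than `?` as resolved is an assumption.

```python
import re

# Section titles the helper lists as expected in Attach.txt (taken from the thread).
EXPECTED_ATTACH_SECTIONS = [
    "Disk Partitions",
    "Disabled Device Manager Items",
    "System Restore Points",
    "Event Viewer Messages From Past Week",
    "Installed Programs",
]

# "==== Title ====" with any number of "=" on either side.
HEADER_RE = re.compile(r"^=+\s*([^=\s].*?)\s*=+\s*$")
# "<state><status> <name>;<display name>". State is R or S. In this thread the
# status character is "?" on every entry; treating any other character as a
# resolved status is an assumption about normal DDS output.
SERVICE_RE = re.compile(r"^([RS])(\S)\s+([^;]+);(.*)$")


def split_sections(log_text):
    """Return {section title: [non-empty lines]} keyed by the log's headers."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def missing_sections(log_text, expected=EXPECTED_ATTACH_SECTIONS):
    """Expected section titles that never appear as a header in the log."""
    present = {title.lower() for title in split_sections(log_text)}
    return [title for title in expected if title.lower() not in present]


def unresolved_services(log_text):
    """Names of SERVICES / DRIVERS entries whose status character is '?'."""
    flagged = []
    for line in split_sections(log_text).get("SERVICES / DRIVERS", []):
        entry = SERVICE_RE.match(line)
        if entry and entry.group(2) == "?":
            flagged.append(entry.group(3))
    return flagged


# Constructed excerpt: the Attach.txt header as quoted in the thread,
# followed directly by the only section that was present.
ATTACH_AS_POSTED = """\
DDS (Ver_10-03-17.01) - NTFSx86
Run by Pyotr at 11:13:59.29 on Tue 08/31/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

============== Installed Programs ===============

Adobe AIR
"""

# Constructed excerpt: three entries copied from the thread plus one
# made-up entry (ExampleSvc) with a resolved status, for contrast.
DDS_EXCERPT = """\
============= SERVICES / DRIVERS ===============

R? fsssvc;Windows Live Family Safety Service
R? gupdate;Google Update Service (gupdate)
S? avg9wd;AVG Free WatchDog
S2 ExampleSvc;Example Service

=============== Created Last 30 ================
"""

if __name__ == "__main__":
    print("Missing from Attach.txt:", missing_sections(ATTACH_AS_POSTED))
    print("Services with no status:", unresolved_services(DDS_EXCERPT))
```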
 
Alright, so something messed up all of these settings? Could it have been Advance System Care?
Any way to fix this? Or do I have to go somewhere else for that?
 
Are these actually missing from the logs- or did they get left out? I can't determine if it's due to ASC, but that program and site are very low rated.

Might be a good idea to run DDS again and see how those logs come out. I would appreciate it if you would paste them instead of attach- split over a couple of posts if needed. We need to determine if those sections are actually not functioning or if the logs didn't generate correctly.

If you have a problem putting new logs out, let me know. I might have to remove the current 2 DDS logs to get new ones pasted in.
 
I appreciate your hanging in on this issue! I'll run it again. Any particular script blocking programs I should turn off? Maybe that's why I got this error.
 
I ran DDS again, same result. I got an error message towards the end of the scan <Can't find script engine "VBSCRIPT" for script "C:\Documents and settings\Pyotr\Local settings\temp\MSGB.PIF">


DDS (Ver_10-03-17.01) - NTFSx86
Run by Pyotr at 0:02:15.34 on Wed 09/01/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

============== Running Processes ===============

C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\Media Manager\airsvcu.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\System32\snmp.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\System32\alg.exe
C:\windows\Explorer.EXE
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\windows\system32\ctfmon.exe
C:\windows\system32\wuauclt.exe
C:\Documents and Settings\Pyotr\Desktop\dds.scr
C:\windows\System32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k HTTPFilter
C:\windows\system32\svchost.exe -k imgsvc

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.excite.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: Send Image to Photo Library - file://c:\program files\mgi\mgi photosuite ii\temp\MGI00000.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/da/PCPitStop.CAB
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/optimize2/pcpitstop2.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pyotr\applic~1\mozilla\firefox\profiles\sa12336g.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.excite.com/
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0

============= SERVICES / DRIVERS ===============

R? fsssvc;Windows Live Family Safety Service
R? gupdate;Google Update Service (gupdate)
R? SASENUM;SASENUM
S? avg9wd;AVG Free WatchDog
S? AvgLdx86;AVG Free AVI Loader Driver x86
S? AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86
S? AvgTdiX;AVG Free Network Redirector
S? fssfltr;fssfltr
S? MMIndexer;Media Manager Indexer
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? sfsync03;StarForce Protection Synchronization Driver (version 3.x)

=============== Created Last 30 ================

2010-09-01 00:29:30 54156 ---ha-w- c:\windows\QTFont.qfn
2010-09-01 00:29:30 1409 ----a-w- c:\windows\QTFont.for
2010-08-31 19:20:15 9216 ----a-w- c:\windows\system32\escdev.dll
2010-08-31 19:20:11 65793 ----a-w- c:\windows\system32\esfw54.bin
2010-08-31 19:20:11 63488 ----a-w- c:\windows\system32\eswia54.dll
2010-08-31 19:20:11 3584 ----a-w- c:\windows\system32\eswiaml.dll
2010-08-31 19:20:11 172032 ----a-w- c:\windows\system32\esint54.dll
2010-08-31 19:19:40 0 d-----w- C:\EPSON
2010-08-30 01:23:28 0 d-----w- C:\Copy of My Music
2010-08-29 15:27:37 0 d-----w- c:\program files\ESET
2010-08-27 06:38:35 0 d-----w- c:\windows\system32\wbem\Repository
2010-08-11 16:11:58 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-08-11 16:09:11 0 d-----w- c:\program files\Windows Live SkyDrive
2010-08-05 19:01:03 0 d-----w- c:\program files\i2k Quickage
2010-08-03 16:25:47 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-08-03 16:25:46 159232 ----a-w- c:\windows\system32\ptpusd.dll

==================== Find3M ====================

2010-07-18 12:23:37 87608 ----a-w- c:\docume~1\pyotr\applic~1\inst.exe
2010-07-18 12:23:37 47360 ----a-w- c:\docume~1\pyotr\applic~1\pcouffin.sys
2010-07-18 12:15:31 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-07-16 13:16:43 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 13:16:42 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 13:16:09 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2006-08-29 16:48:10 1438 ----a-w- c:\program files\FAMILY.CRD
2006-08-23 17:54:07 14897 ----a-w- c:\program files\USBP.CRD
2006-06-27 19:19:09 6658 ----a-w- c:\program files\HOME.CRD
2006-05-07 03:00:17 17077 ----a-w- c:\program files\PHONES.CRD
2005-06-08 00:17:48 7052088 ----a-w- c:\program files\Photoshop_albumSE_en_us_300.exe
2003-09-08 19:13:28 1045 ----a-w- c:\program files\B-DAYS.CRD
2002-07-27 01:02:06 153088 ----a-w- c:\program files\UNWISE.EXE
2002-01-17 22:38:32 1508 ----a-w- c:\program files\CONTACTS.CRD
1993-11-01 08:11:00 93184 ----a-w- c:\program files\CARDFILE.EXE
2007-07-27 15:32:04 8 --sh--r- c:\windows\system32\6617DEA441.sys
2007-08-05 06:46:48 8762 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-02-01 17:06:22 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009020120090202\index.dat

============= FINISH: 0:02:32.21 ===============
 
Here is the Attach file


==== Installed Programs ======================

Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.4
Advanced GIF Animator 3.0
AGEIA PhysX v7.11.13
ArcSoft PhotoStudio 5.5
Ashampoo Burning Studio 6 FREE
AusLogics Registry Defrag
Avery Wizard 3.1
AVG Free 9.0
Battlefield: Bad Company™ 2
Belarc Advisor 7.2
Call of Duty - United Offensive
Call of Duty(R) - World at War(TM) 1.1 Patch
Call of Duty(R) - World at War(TM) 1.2 Patch
Call of Duty(R) - World at War(TM) 1.3 Patch
Call of Duty(R) 2 Patch 1.3
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
Canon MP Navigator 3.0
Canon MP160
Canon MP160 User Registration
Canon My Printer
Canon PhotoRecord
Canon Utilities PhotoStitch 3.1
CCleaner (remove only)
Corel Snapfire DVD Maker
Corel Snapfire Plus
Creative AudioHQ
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
Crysis WARHEAD(R)
Dawn Of War - Winter Assault
Dell Driver Reset Tool
Dell ResourceCD
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DVD Decrypter (Remove Only)
DVD43 v4.4.0
EA Download Manager
Easy CD & DVD Creator 6
EPSON Perf 4490P Guide
EPSON Scan
EPSON Scan Assistant
ESET Online Scanner v3
Fancy DVD Copy V3.2.0
Fantastic Ocean 3D Screensaver v1.4
Far Cry (Patch 1.4)
Far Cry 2
FEAR
FEAR Extraction Point
FEAR Perseus Mandate
FEAR Perseus Mandate Demo
FooPets Desktop
Game Booster
GameSpy Arcade
Ghost Recon Advanced Warfighter
Google Chrome
Google Update Helper
GRAW Patch 1.35
HijackThis 2.0.2
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Hoyle Board Games 2005
Hoyle Card Games 2005
Intel Application Accelerator
Intel(R) 537EP V9x DF PCI Modem
InterActual Player
Internet Explorer (Enable DEP)
IrfanView (remove only)
iTunes
IZArc 3.81
Java Auto Updater
Java(TM) 6 Update 20
JumpStart World Presents Pet Playground
Junk Mail filter update
Key Advantage Typing
Lexar Backup n Sync
Magic Notes V3.5
Malwarebytes' Anti-Malware
Medal of Honor Pacific Assault(tm)
MGI PhotoSuite II SE (Remove Only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Media Manager 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Media Content
Microsoft Outlook Hotmail Connector 32-bit
Microsoft Picture It! 2.0
Microsoft Picture It! Library 10
Microsoft Picture It! Premium 10
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Desktop Engine (PINNACLESYS)
Microsoft Streets and Trips 2004
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works 4.5
Microsoft Works Setup Launcher
Microsoft XML Parser
Mozilla Firefox (3.0.10)
MSN Music Assistant
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
neroxml
NVIDIA Drivers
NVIDIA nView Desktop Manager
OGA Notifier 2.0.0048.0
OLYMPUS CAMEDIA Master 2.0
OpenAL
overland
Painkiller
Painkiller Resurrection Demo
Paint.NET v3.36
Pet Vet 3D Animal Hospital
Pinnacle Instant DVD Recorder
Pinnacle MediaServer
Pinnacle PCI Performance Enhancer
Power DVD Rip Studio v1.1.7.66
PowerDVD 5.3
Presto! BizCard 4.1 Eng
PrimoPDF -- by Nitro PDF Software
proDAD Heroglyph 2.5
QuickTime
Registry Repair 2.4
Revo Uninstaller 1.87
RussianNow!
S.T.A.L.K.E.R. - Shadow of Chernobyl
ScanSoft OmniPage SE 4.0
Scooby-Doo(TM), Case File #1 The Glowing Bug Man
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Skype™ Beta 4.0
Smart Defrag 1.20
SmartSound Quicktracks Plugin
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sound Blaster Audigy 2 ZS
Studio 10 Bonus DVD
Studio 10.8 Patch
SUPERAntiSpyware Free Edition
SureThing CD Labeler - Stomper Edition 32 bit
System Requirements Lab
Tom Clancy's Ghost Recon Advanced Warfighter® 2
Tom Clancy's Rainbow Six Vegas 2
Try Corel Snapfire muvee autoProducer add on
ubi.com
Ultimate Mahjongg 15
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb2279264)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
VCRedistSetup
Ventrilo Client
Viewpoint Manager (Remove Only)
Viewpoint Media Player
WebFldrs XP
WinAce Archiver
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows Search 4.0
Windows XP Service Pack 3
WinZip
Wolfenstein
WONswap
XviD & MP3 Codec Pack (remove only)
XviD MPEG-4 Video Codec
YouTube Downloader 2.5.6

==== End Of File ===========================
 
Okay, we need to check to see if the system actually has the missing sections. You have an enormous number of installed programs. Since the information didn't print out in the log, I can tell about the used/free space on the hard drive>

Click on the Control Panel> Administrative Tools> Do you have these sections:

  • Component Services
  • Computer Management
  • Data Sources (ODBC)
  • Event Viewer
  • Performance
  • Services

Click on the + sign in Computer Management. Does the tree on the left have the following 3 sections:

  • System Tools
  • Storage
  • Services and applications

Click on the + sign in System Tools. Does the tree on the left have the following 3 sections:

  • Event viewer
  • Shared Folders
  • Performance logs and alerts.

Click on the + sign in Services and applications. Does the tree have the following:
  • Services
  • WMI Control
  • Indexing Service.

Using Windows Explorer: Windows key + E:
Click on My Computer> Double click on Local Drive (C)> give me the numbers in GB for:

  • Used
  • Free
  • Capacity

Are you missing any of these sections? Are any of the sections blank with no content?
 
Click on the Control Panel> Administrative Tools> Do you have these sections:

yes Component Services
yes Computer Management
yes Data Sources (ODBC)
yes Event Viewer
yes Performance
yes Services
Click on the + sign in Computer Management. Does the tree on the left have the following 3 sections:

yes System Tools
yes Storage
yes Services and applications

Click on the + sign in System Tools. Does the tree on the left have the following 3 sections:

yes Event viewer
yes Shared Folders
yes Performance logs and alerts.
And others: Local Users and Groups; Device Manager

Click on the + sign in Services and applications. Does the tree have the following:
yes Services
yes WMI Control
yes Indexing Service.

Using Windows Explorer: Windows key + E:
Click on My Computer> Double click on Local Drive (C)> give me the numbers in GB for:

• Used -132
• Free – 16.3
• Capacity - 149

Are you missing any of these sections? NO
Are any of the sections blank with no content? NO

We do have a lot of programs installed; there are three users right now, and there were four before our son went off to higher education recently. I uninstalled some games, and probably need to clean out some of the utilities.
 
This is very frustrating! Even such simple, mundane tasks as highlighting a section of text, or placing a cursor is a frustrating chore with whatever it is going!
 
You've only got 12% of the hard drive free- not surprising with all that's installed. You are asking a lot of that system. Try to run this program- it will give me another view of the drivers and Services:

Please download ComboFix from Here and save to your Desktop.

  1. Do NOT rename Combofix unless instructed.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Close any open browsers.
  4. Double click combofix.exe & follow the prompts to run.
     NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
  5. If Combofix asks you to install Recovery Console, please allow it.
  6. If Combofix asks you to update the program, always allow.
     Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  7. A report will be generated after the scan. Please post the C:\ComboFix.txt in next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
Note: Make sure you re-enable your security programs, when you're done with Combofix.

I'm asking someone about the ? marks in Services and drivers.
 
The problem with the computer started just recently, about a week ago. The C:\Drive has been packed for awhile. And lots of the programs listed are probably on my second drive, J:\. Everything was working and running just fantastic since you've helped me before, until just recently. I was suspecting that my daughter went on a wrong website, and picked up something nasty.


ComboFix 10-09-01.02 - Pyotr 09/01/2010 20:30:06.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2351 [GMT -4:00]
Running from: c:\documents and settings\Pyotr\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\pswi_preloaded.exe
c:\documents and settings\Pyotr\Application Data\inst.exe
c:\program files\UNWISE.EXE
C:\Thumbs.db
J:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-08-02 to 2010-09-02 )))))))))))))))))))))))))))))))
.

2010-09-01 07:00 . 2010-09-01 07:00 -------- d-----w- c:\windows\LastGood
2010-08-31 19:20 . 2006-08-24 21:00 9216 ----a-w- c:\windows\system32\escdev.dll
2010-08-31 19:20 . 2006-10-13 04:00 65793 ----a-w- c:\windows\system32\esfw54.bin
2010-08-31 19:20 . 2006-10-13 04:00 63488 ----a-w- c:\windows\system32\eswia54.dll
2010-08-31 19:20 . 2006-05-23 04:00 172032 ----a-w- c:\windows\system32\esint54.dll
2010-08-31 19:20 . 2006-03-10 04:00 3584 ----a-w- c:\windows\system32\eswiaml.dll
2010-08-31 19:19 . 2010-08-31 19:19 -------- d-----w- C:\EPSON
2010-08-30 01:23 . 2010-08-30 01:23 -------- d-----w- C:\Copy of My Music
2010-08-29 15:27 . 2010-08-29 15:27 -------- d-----w- c:\program files\ESET
2010-08-27 06:38 . 2010-08-27 06:38 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-11 16:11 . 2010-04-28 11:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-08-11 16:11 . 2010-08-11 16:11 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-08-11 16:09 . 2010-08-11 16:09 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-08-05 19:01 . 2010-08-05 19:01 -------- d-----w- c:\program files\i2k Quickage
2010-08-03 16:25 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-08-03 16:25 . 2008-04-13 21:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-08-03 15:15 . 2010-08-03 15:15 -------- d-----w- c:\documents and settings\Olga\Local Settings\Application Data\Skype
2010-08-03 03:44 . 2010-08-30 12:03 -------- d-----w- c:\documents and settings\Olga\Application Data\skypePM
2010-08-03 03:37 . 2010-08-30 15:33 -------- d-----w- c:\documents and settings\Olga\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-01 19:42 . 2009-04-05 18:52 -------- d-----w- c:\program files\Ashampoo
2010-09-01 00:44 . 2006-08-12 05:16 -------- d-----w- c:\program files\Activision
2010-09-01 00:44 . 2006-07-28 03:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-01 00:41 . 2006-11-13 20:31 -------- d-----w- c:\program files\Electronic Arts
2010-09-01 00:25 . 2009-02-08 17:10 -------- d-----w- c:\program files\IObit
2010-08-31 23:51 . 2007-02-17 06:25 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2010-08-31 23:51 . 2007-02-17 06:25 384 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2010-08-31 19:20 . 2008-04-30 22:52 -------- d-----w- c:\program files\epson
2010-08-31 12:24 . 2009-01-04 19:52 -------- d-----w- c:\program files\VideoLAN
2010-08-28 15:17 . 2007-11-19 23:38 -------- d-----w- c:\documents and settings\Pyotr\Application Data\GlarySoft
2010-08-27 06:37 . 2008-04-22 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-08-25 02:38 . 2008-05-02 22:00 -------- d-----w- c:\documents and settings\Pyotr\Application Data\Skype
2010-08-24 20:27 . 2009-11-16 15:38 -------- d-----w- c:\documents and settings\Pyotr\Application Data\skypePM
2010-08-19 03:01 . 2010-04-12 13:11 117760 ----a-w- c:\documents and settings\Pyotr\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-18 09:02 . 2009-08-05 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-12 07:25 . 2008-04-22 20:09 -------- d-----w- c:\documents and settings\Sasha\Application Data\Skype
2010-08-12 04:02 . 2008-04-22 20:12 -------- d-----w- c:\documents and settings\Sasha\Application Data\skypePM
2010-08-12 02:23 . 2007-05-06 22:27 141240 ----a-w- c:\documents and settings\Olga\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-11 16:11 . 2008-05-17 16:48 -------- d-----w- c:\program files\Windows Live
2010-08-11 16:09 . 2009-03-01 17:42 -------- d-----w- c:\program files\Microsoft
2010-08-11 16:03 . 2006-08-08 17:35 141240 ----a-w- c:\documents and settings\Sasha\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-05 19:01 . 2010-07-18 12:24 -------- d-----w- c:\documents and settings\Pyotr\Application Data\i2k Quickage
2010-08-02 18:57 . 2010-08-02 18:57 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-08-02 18:57 . 2010-08-02 18:57 1373536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-08-02 18:57 . 2010-08-02 18:57 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
2010-08-02 18:57 . 2010-08-02 18:57 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-07-18 12:23 . 2010-07-18 12:15 -------- d-----w- c:\program files\QR Photo DVD Slideshow
2010-07-18 12:23 . 2009-01-04 19:20 47360 ----a-w- c:\documents and settings\Pyotr\Application Data\pcouffin.sys
2010-07-18 12:23 . 2009-01-04 19:20 47360 ----a-w- c:\documents and settings\Pyotr\Application Data\pcouffin.sys
2010-07-18 12:23 . 2009-01-04 19:20 -------- d-----w- c:\documents and settings\Pyotr\Application Data\Vso
2010-07-18 12:16 . 2006-07-31 16:28 141240 ----a-w- c:\documents and settings\Pyotr\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-18 12:15 . 2009-01-04 19:20 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-07-16 13:16 . 2010-05-09 22:10 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 13:16 . 2010-07-16 13:16 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 13:16 . 2010-05-09 22:10 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-16 11:40 . 2010-07-16 11:38 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-16 11:38 . 2010-07-16 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-07-14 13:37 . 2009-04-04 03:50 -------- d-----w- c:\program files\MSBuild
2010-07-14 13:36 . 2010-07-14 13:36 -------- d-----w- c:\program files\Microsoft.NET
2010-07-14 13:20 . 2008-05-17 16:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-07-07 06:05 . 2010-04-14 16:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-30 12:31 . 2004-08-12 13:27 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-12 13:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-12 13:33 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-12 13:30 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-12 13:19 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2006-07-28 02:56 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-12 13:23 1172480 ----a-w- c:\windows\system32\msxml3.dll
2006-08-29 16:48 . 2006-08-29 16:51 1438 ----a-w- c:\program files\FAMILY.CRD
2006-08-23 17:54 . 2006-08-29 16:50 14897 ----a-w- c:\program files\USBP.CRD
2006-06-27 19:19 . 2006-08-29 16:49 6658 ----a-w- c:\program files\HOME.CRD
2006-05-07 03:00 . 2006-08-29 16:49 17077 ----a-w- c:\program files\PHONES.CRD
2005-06-08 00:17 . 2006-07-28 08:03 7052088 ----a-w- c:\program files\Photoshop_albumSE_en_us_300.exe
2003-09-08 19:13 . 2006-08-29 16:50 1045 ----a-w- c:\program files\B-DAYS.CRD
2002-01-17 22:38 . 2006-08-29 16:51 1508 ----a-w- c:\program files\CONTACTS.CRD
1993-11-01 08:11 . 2006-08-29 16:49 93184 ----a-w- c:\program files\CARDFILE.EXE
2007-07-27 15:32 . 2007-07-27 15:32 8 --sh--r- c:\windows\system32\6617DEA441.sys
2007-08-05 06:46 . 2007-07-27 15:32 8762 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 13:16 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Pyotr^Start Menu^Programs^Startup^Introducing Media Manager.lnk]
backup=c:\windows\pss\Introducing Media Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Pyotr^Start Menu^Programs^Startup^Registration Ghost Recon Advanced Warfighter® 2.LNK]
path=c:\documents and settings\Pyotr\Start Menu\Programs\Startup\Registration Ghost Recon Advanced Warfighter® 2.LNK
backup=c:\windows\pss\Registration Ghost Recon Advanced Warfighter® 2.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2006-10-17 01:40 1197648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-08-23 22:19 57344 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2004-06-29 15:23 135168 ----a-w- c:\program files\Intel\Intel Application Accelerator\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-03-30 16:36 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-10-11 18:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-29 05:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
2003-01-09 13:21 253952 ----a-w- c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2003-01-13 14:19 757760 ----a-w- c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
2003-01-13 18:05 69632 ----a-w- c:\program files\Common Files\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 19:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 05:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 08:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 08:07 199752 ----a-w- c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"SQLAgent$PINNACLESYS"=3 (0x3)
"ProtexisLicensing"=2 (0x2)
"PnkBstrB"=3 (0x3)
"PnkBstrA"=2 (0x2)
"PinnacleSys.MediaServer"=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$PINNACLESYS"=2 (0x2)
"MDM"=2 (0x2)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"IAANTMon"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
"c:\\Program Files\\NovaLogic\\Joint Operations Typhoon Rising\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Ubisoft\\Red Storm Entertainment\\Rainbow Six Lockdown\\Lockdown.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\windows\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\windows\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
"c:\\Program Files\\Sierra Entertainment\\FEAR Perseus Mandate\\FEARXP2.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEARXP\\FEARXP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"j:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault(tm)\\mohpa.exe"=
"j:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe"=
"j:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW-standalone.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
"j:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"j:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Red Storm Entertainment\\Rainbow Six Lockdown\\LockdownDed.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Magic Notes\\Sticky32.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"j:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"j:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"j:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:*:Disabled:DHCP Discovery Service
"2441:UDP"= 2441:UDP:Windows Media Format SDK (iexplore.exe)
"2440:UDP"= 2440:UDP:Windows Media Format SDK (iexplore.exe)
"4598:TCP"= 4598:TCP:*:Disabled:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:*:Disabled:Akamai NetSession Interface

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [12/6/2005 11:11 AM 35328]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/9/2010 6:10 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/9/2010 6:10 PM 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/16/2010 9:16 AM 308136]
R2 MMIndexer;Media Manager Indexer;c:\program files\Common Files\Microsoft Shared\Media Manager\AIRSVCU.EXE [7/15/1997 136704]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/21/2009 3:50 PM 135664]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - DMADMIN
.
Contents of the 'Scheduled Tasks' folder

2010-08-31 c:\windows\Tasks\dfrg.job
- c:\windows\system32\dfrg.msc [2004-08-12 13:18]

2010-08-29 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-12 00:12]

2010-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-21 19:50]

2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-21 19:50]
.
.
 
------- Supplementary Scan -------
.
uStart Page = hxxp://www.excite.com/
IE: Send Image to Photo Library - file://c:\program files\MGI\MGI PhotoSuite II\Temp\MGI00000.html
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Pyotr\Application Data\Mozilla\Firefox\Profiles\sa12336g.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.excite.com/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-EEventManager - c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
MSConfigStartUp-nwiz - nwiz.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-01 20:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1229272821-1757981266-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:ca,72,25,ee,c8,0b,fd,82,24,30,33,2e,be,8b,90,85,12,11,9f,af,eb,
21,58,ab,2a,ab,26,d6,87,4e,25,dd,f2,34,3c,9b,99,df,59,3d,e2,f8,11,f6,8f,79,\
"rkeysecu"=hex:b7,7e,58,ac,b9,69,01,b1,e7,61,cf,60,d0,0a,eb,0f

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(960)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2010-09-01 20:38:20
ComboFix-quarantined-files.txt 2010-09-02 00:38
ComboFix2.txt 2010-04-24 21:32

Pre-Run: 18,428,936,192 bytes free
Post-Run: 18,532,241,408 bytes free

- - End Of File - - AEF670044B821BC3DBFF4D1BCD245413
 
Pete, I went back and reviewed the cleaning from April. I can't believe I didn't say anything about WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!. This Combofix still shows that. You really need to get this. Is there some reason you didn't allow it the times you ran Combofix?

What is the little icon to the left of all the 'Yes' when I had you review the Administrative Tools? Do you by chance have another language on the system?

You need to tighten up your firewall. You have all the games, plus other programs, allowed firewall passage. This is on both C and J drive. I note also that you have the Chkdsk set to autostart on boot and you have Belarc running. You don't need the error checking on every boot and Belarc can check the system when you launch it- no need to keep it running in the background.

Please run this Custom CFScript


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the code below into it:
Code:
File::
c:\windows\system32\drivers\srv.sys
c:\windows\system32\wininet.dll
Folder::
c:\program files\Microsoft
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=-
[HKLM\~\startupfolder\C:^Documents and Settings^Pyotr^Start Menu^Programs^Startup^Introducing Media Manager.lnk]
backup=-
[HKLM\~\startupfolder\C:^Documents and Settings^Pyotr^Start Menu^Programs^Startup^Registration Ghost Recon Advanced Warfighter® 2.LNK]
path=-
backup=-

RegNull::
[HKEY_USERS\S-1-5-21-1229272821-1757981266-839522115-1003\Software\SecuROM\License information*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]


RegLockDel::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=-

Driver::

Save this as CFScript.txt, in the same location as ComboFix.exe
[Image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please attach to your next reply.
====================
Go on to next reply when through.
 
After running the script:


Run Eset NOD32 Online AntiVirus scan HERE: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Re-enable your Antivirus software.
  10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
===============================
Remove thumbs.db: C:\Thumbs.db removed in Combofix
This file is a cache of the thumbnail pictures in a directory. It speeds up the showing of thumbnails when you are viewing a folder in Thumbnail view.


While this might be a convenience, it takes up disk space. The space may be small, but is cumulative and if you have a lot of thumbs.db files on your hard drive you may be able to save some valuable space by removing them.

From PCHell Support:
To turn this feature off, do the following:
  1. Open My Computer
  2. Click on Tools> Folder Options> View Tab
  3. Check "Do not cache thumbnails"
  4. Click Apply> Ok
  5. Close My Computer

Follow the next steps to remove the thumbs.db files from your hard drive
  1. Click on Start
  2. Click on Search
  3. Click on All Files and Folders
  4. Type the following in the section called "all or part of the file name"
    thumbs.db
  5. In the Look in box, make sure Local Hard Drives is chosen
  6. Click Search
  7. A long list of thumbs.db files should appear, click on Edit, Select All
  8. Click on File, and choose Delete
  9. Close the Search Results window

If you are low on disk space and don't use the Thumbnail view to show your files, this may save you some valuable disk space.
NOTE: This does not delete images and you can still view in thumbnails by changing the view screen.
 
Combofix tried to install the recovery console, but I got an error message: "C:\Boot.ini is not correctly formated". Can I do something to fix that?

I'll be running the CF right now, will post the log
 
ComboFix 10-09-01.04 - Pyotr 09/02/2010 23:53:23.8.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2463 [GMT -4:00]
Running from: c:\documents and settings\Pyotr\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Pyotr\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\system32\drivers\srv.sys"
"c:\windows\system32\wininet.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Microsoft
c:\program files\Microsoft\Office Live\muauth.cab
c:\program files\Microsoft\Office Live\npOLW.dll
c:\program files\Microsoft\Office Live\OfficeLiveSignIn.exe
c:\program files\Microsoft\Office Live\OLConnector.dll
c:\program files\Microsoft\Office Live\OLConnectorResources.dll
c:\program files\Microsoft\Search Enhancement Pack\Choice Guard\CGuard.exe
c:\program files\Microsoft\Search Enhancement Pack\Choice Guard\ChoiceGuard.dll
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft\Search Enhancement Pack\Search Box Extension\SRCHBXEX.DLL
c:\program files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
c:\program files\Microsoft\Search Enhancement Pack\SeaShadow\SEASHADO.DLL
C:\Thumbs.db
c:\windows\system32\drivers\srv.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SeaPort
-------\Legacy_SeaPort
-------\Service_SeaPort
-------\Service_SeaPort


((((((((((((((((((((((((( Files Created from 2010-08-03 to 2010-09-03 )))))))))))))))))))))))))))))))
.

2010-08-31 19:20 . 2006-08-24 21:00 9216 ----a-w- c:\windows\system32\escdev.dll
2010-08-31 19:20 . 2006-10-13 04:00 65793 ----a-w- c:\windows\system32\esfw54.bin
2010-08-31 19:20 . 2006-10-13 04:00 63488 ----a-w- c:\windows\system32\eswia54.dll
2010-08-31 19:20 . 2006-05-23 04:00 172032 ----a-w- c:\windows\system32\esint54.dll
2010-08-31 19:20 . 2006-03-10 04:00 3584 ----a-w- c:\windows\system32\eswiaml.dll
2010-08-31 19:19 . 2010-08-31 19:19 -------- d-----w- C:\EPSON
2010-08-30 01:23 . 2010-08-30 01:23 -------- d-----w- C:\Copy of My Music
2010-08-29 15:27 . 2010-08-29 15:27 -------- d-----w- c:\program files\ESET
2010-08-27 06:38 . 2010-08-27 06:38 -------- d-----w- c:\windows\system32\wbem\Repository
2010-08-11 16:11 . 2010-04-28 11:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-08-11 16:11 . 2010-08-11 16:11 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-08-11 16:09 . 2010-08-11 16:09 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-08-05 19:01 . 2010-08-05 19:01 -------- d-----w- c:\program files\i2k Quickage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-03 04:01 . 2010-05-25 01:09 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-03 04:00 . 2007-02-17 06:25 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2010-09-03 04:00 . 2007-02-17 06:25 384 ----a-w- c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-20061102}.dat
2010-09-02 22:22 . 2006-07-28 03:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-01 19:42 . 2009-04-05 18:52 -------- d-----w- c:\program files\Ashampoo
2010-09-01 00:44 . 2006-08-12 05:16 -------- d-----w- c:\program files\Activision
2010-09-01 00:41 . 2006-11-13 20:31 -------- d-----w- c:\program files\Electronic Arts
2010-09-01 00:25 . 2009-02-08 17:10 -------- d-----w- c:\program files\IObit
2010-08-31 19:20 . 2008-04-30 22:52 -------- d-----w- c:\program files\epson
2010-08-31 12:24 . 2009-01-04 19:52 -------- d-----w- c:\program files\VideoLAN
2010-08-30 15:33 . 2010-08-03 03:37 -------- d-----w- c:\documents and settings\Olga\Application Data\Skype
2010-08-30 12:03 . 2010-08-03 03:44 -------- d-----w- c:\documents and settings\Olga\Application Data\skypePM
2010-08-28 15:17 . 2007-11-19 23:38 -------- d-----w- c:\documents and settings\Pyotr\Application Data\GlarySoft
2010-08-27 06:37 . 2008-04-22 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-08-25 02:38 . 2008-05-02 22:00 -------- d-----w- c:\documents and settings\Pyotr\Application Data\Skype
2010-08-24 20:27 . 2009-11-16 15:38 -------- d-----w- c:\documents and settings\Pyotr\Application Data\skypePM
2010-08-19 03:01 . 2010-04-12 13:11 117760 ----a-w- c:\documents and settings\Pyotr\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-18 09:02 . 2009-08-05 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-12 07:25 . 2008-04-22 20:09 -------- d-----w- c:\documents and settings\Sasha\Application Data\Skype
2010-08-12 04:02 . 2008-04-22 20:12 -------- d-----w- c:\documents and settings\Sasha\Application Data\skypePM
2010-08-12 02:23 . 2007-05-06 22:27 141240 ----a-w- c:\documents and settings\Olga\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-11 16:11 . 2008-05-17 16:48 -------- d-----w- c:\program files\Windows Live
2010-08-11 16:03 . 2006-08-08 17:35 141240 ----a-w- c:\documents and settings\Sasha\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-05 19:01 . 2010-07-18 12:24 -------- d-----w- c:\documents and settings\Pyotr\Application Data\i2k Quickage
2010-07-18 12:23 . 2010-07-18 12:15 -------- d-----w- c:\program files\QR Photo DVD Slideshow
2010-07-18 12:23 . 2009-01-04 19:20 47360 ----a-w- c:\documents and settings\Pyotr\Application Data\pcouffin.sys
2010-07-18 12:23 . 2009-01-04 19:20 47360 ----a-w- c:\documents and settings\Pyotr\Application Data\pcouffin.sys
2010-07-18 12:23 . 2009-01-04 19:20 -------- d-----w- c:\documents and settings\Pyotr\Application Data\Vso
2010-07-18 12:16 . 2006-07-31 16:28 141240 ----a-w- c:\documents and settings\Pyotr\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-18 12:15 . 2009-01-04 19:20 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-07-16 13:16 . 2010-05-09 22:10 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-16 13:16 . 2010-07-16 13:16 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-16 13:16 . 2010-05-09 22:10 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-16 11:40 . 2010-07-16 11:38 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-16 11:38 . 2010-07-16 11:38 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-07-14 13:37 . 2009-04-04 03:50 -------- d-----w- c:\program files\MSBuild
2010-07-14 13:36 . 2010-07-14 13:36 -------- d-----w- c:\program files\Microsoft.NET
2010-07-14 13:20 . 2008-05-17 16:59 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-07-07 06:05 . 2010-04-14 16:46 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-30 12:31 . 2004-08-12 13:27 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-12 13:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-12 13:33 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03 . 2004-08-12 13:19 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2006-07-28 02:56 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-12 13:23 1172480 ----a-w- c:\windows\system32\msxml3.dll
2006-08-29 16:48 . 2006-08-29 16:51 1438 ----a-w- c:\program files\FAMILY.CRD
2006-08-23 17:54 . 2006-08-29 16:50 14897 ----a-w- c:\program files\USBP.CRD
2006-06-27 19:19 . 2006-08-29 16:49 6658 ----a-w- c:\program files\HOME.CRD
2006-05-07 03:00 . 2006-08-29 16:49 17077 ----a-w- c:\program files\PHONES.CRD
2005-06-08 00:17 . 2006-07-28 08:03 7052088 ----a-w- c:\program files\Photoshop_albumSE_en_us_300.exe
2003-09-08 19:13 . 2006-08-29 16:50 1045 ----a-w- c:\program files\B-DAYS.CRD
2002-01-17 22:38 . 2006-08-29 16:51 1508 ----a-w- c:\program files\CONTACTS.CRD
1993-11-01 08:11 . 2006-08-29 16:49 93184 ----a-w- c:\program files\CARDFILE.EXE
2007-07-27 15:32 . 2007-07-27 15:32 8 --sh--r- c:\windows\system32\6617DEA441.sys
2007-08-05 06:46 . 2007-07-27 15:32 8762 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-09-02_00.36.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-03 04:02 . 2010-09-03 04:02 16384 c:\windows\Temp\usgthrsvc\Perflib_Perfdata_638.dat
+ 2010-09-03 04:02 . 2010-09-03 04:02 16384 c:\windows\Temp\Perflib_Perfdata_360.dat
+ 2010-09-03 04:02 . 2010-09-03 04:02 16384 c:\windows\Temp\Perflib_Perfdata_2d0.dat
- 2010-06-05 07:01 . 2010-06-05 07:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-05 07:01 . 2010-09-02 07:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-09-02 22:24 . 2010-09-02 22:24 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2010-06-13 18:46 . 2010-06-13 18:46 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2010-09-02 22:24 . 2010-09-02 22:24 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2010-06-13 18:46 . 2010-06-13 18:46 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2004-08-12 13:26 . 2010-09-01 00:06 521626 c:\windows\system32\perfh009.dat
+ 2004-08-12 13:26 . 2010-09-03 04:06 521626 c:\windows\system32\perfh009.dat
+ 2004-08-12 13:26 . 2010-09-03 04:06 104536 c:\windows\system32\perfc009.dat
- 2004-08-12 13:26 . 2010-09-01 00:06 104536 c:\windows\system32\perfc009.dat
- 2008-10-14 23:10 . 2010-06-21 15:27 354304 c:\windows\system32\dllcache\srv.sys
+ 2004-08-12 13:30 . 2010-06-21 15:27 354304 c:\windows\system32\dllcache\srv.sys
+ 2010-09-02 22:24 . 2010-09-02 22:24 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2010-06-13 18:46 . 2010-06-13 18:46 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2010-06-13 18:46 . 2010-06-13 18:46 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2010-09-02 22:25 . 2010-09-02 22:25 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2010-06-13 18:46 . 2010-06-13 18:46 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2010-09-02 22:25 . 2010-09-02 22:25 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2010-09-02 22:25 . 2010-09-02 22:25 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2010-06-13 18:46 . 2010-06-13 18:46 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2010-09-02 22:25 . 2010-09-02 22:25 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2010-06-13 18:46 . 2010-06-13 18:46 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2010-09-02 22:25 . 2010-09-02 22:25 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-06-13 18:46 . 2010-06-13 18:46 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-09-02 22:24 . 2010-09-02 22:24 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-06-13 18:46 . 2010-06-13 18:46 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-06-13 18:46 . 2010-06-13 18:46 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-09-02 22:24 . 2010-09-02 22:24 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-09-02 22:24 . 2010-09-02 22:24 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-06-13 18:46 . 2010-06-13 18:46 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-09-02 22:24 . 2010-09-02 22:24 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-06-13 18:45 . 2010-06-13 18:45 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-06-13 18:45 . 2010-06-13 18:45 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-09-02 22:24 . 2010-09-02 22:24 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-06-13 18:45 . 2010-06-13 18:45 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-09-02 22:24 . 2010-09-02 22:24 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-09-02 22:24 . 2010-09-02 22:24 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-06-13 18:45 . 2010-06-13 18:45 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-06-13 18:46 . 2010-06-13 18:46 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2010-09-02 22:24 . 2010-09-02 22:24 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2010-09-02 22:24 . 2010-09-02 22:24 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-06-13 18:45 . 2010-06-13 18:45 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-09-02 22:24 . 2010-09-02 22:24 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-06-13 18:45 . 2010-06-13 18:45 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-09-02 07:00 . 2010-09-02 07:00 20303872 c:\windows\Installer\6a6d209.msp
 
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-16 2065760]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-16 13:16 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Pyotr^Start Menu^Programs^Startup^Introducing Media Manager.lnk]
backup=c:\windows\pss\Introducing Media Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Pyotr^Start Menu^Programs^Startup^Registration Ghost Recon Advanced Warfighter® 2.LNK]
path=c:\documents and settings\Pyotr\Start Menu\Programs\Startup\Registration Ghost Recon Advanced Warfighter® 2.LNK
backup=c:\windows\pss\Registration Ghost Recon Advanced Warfighter® 2.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2006-10-17 01:40 1197648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-08-23 22:19 57344 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2004-06-29 15:23 135168 ----a-w- c:\program files\Intel\Intel Application Accelerator\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-03-30 16:36 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-10-11 18:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-29 05:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
2003-01-09 13:21 253952 ----a-w- c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2003-01-13 14:19 757760 ----a-w- c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
2003-01-13 18:05 69632 ----a-w- c:\program files\Common Files\Roxio Shared\System\EngUtil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 19:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 05:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 08:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 08:07 199752 ----a-w- c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Viewpoint Manager Service"=2 (0x2)
"SQLAgent$PINNACLESYS"=3 (0x3)
"ProtexisLicensing"=2 (0x2)
"PnkBstrB"=3 (0x3)
"PnkBstrA"=2 (0x2)
"PinnacleSys.MediaServer"=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MSSQL$PINNACLESYS"=2 (0x2)
"MDM"=2 (0x2)
"iPodService"=3 (0x3)
"IDriverT"=3 (0x3)
"IAANTMon"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"=
"c:\\Program Files\\NovaLogic\\Joint Operations Typhoon Rising\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Ubisoft\\Red Storm Entertainment\\Rainbow Six Lockdown\\Lockdown.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\windows\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\windows\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2.exe"=
"c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter 2\\graw2_dedicated.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEARMP.exe"=
"c:\\Program Files\\Sierra Entertainment\\FEAR Perseus Mandate\\FEARXP2.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEARXP\\FEARXP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"j:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault(tm)\\mohpa.exe"=
"j:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe"=
"j:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW-standalone.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MP.exe"=
"c:\\Program Files\\Activision\\Wolfenstein\\MP\\Wolf2MPLite.exe"=
"j:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"j:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas 2\\Binaries\\R6Vegas2_Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Red Storm Entertainment\\Rainbow Six Lockdown\\LockdownDed.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Magic Notes\\Sticky32.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"j:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"j:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"j:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"j:\\Program Files\\NovaLogic\\Delta Force Xtreme 2\\dfx2.exe"=
"j:\\Program Files\\NovaLogic\\Delta Force Xtreme 2\\UPDATE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:*:Disabled:DHCP Discovery Service
"2441:UDP"= 2441:UDP:Windows Media Format SDK (iexplore.exe)
"2440:UDP"= 2440:UDP:Windows Media Format SDK (iexplore.exe)
"4598:TCP"= 4598:TCP:*:Disabled:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:*:Disabled:Akamai NetSession Interface

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [12/6/2005 11:11 AM 35328]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/9/2010 6:10 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/9/2010 6:10 PM 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 11:15 AM 66632]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/16/2010 9:16 AM 308136]
R2 MMIndexer;Media Manager Indexer;c:\program files\Common Files\Microsoft Shared\Media Manager\AIRSVCU.EXE [7/15/1997 136704]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/21/2009 3:50 PM 135664]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 11:15 AM 12872]
.
Contents of the 'Scheduled Tasks' folder

2010-08-31 c:\windows\Tasks\dfrg.job
- c:\windows\system32\dfrg.msc [2004-08-12 13:18]

2010-08-29 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-12 00:12]

2010-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-21 19:50]

2010-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-21 19:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.excite.com/
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Pyotr\Application Data\Mozilla\Firefox\Profiles\sa12336g.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.excite.com/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-03 01:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(936)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3932)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\UnToAnsi.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\snmp.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2010-09-03 01:31:58 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-03 05:31
ComboFix2.txt 2010-09-02 00:38
ComboFix3.txt 2010-04-24 21:32

Pre-Run: 18,300,141,568 bytes free
Post-Run: 18,323,468,288 bytes free

- - End Of File - - 46C1F27F7631E18B2399AFA05A8BB4C3
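
The review points raised earlier in the thread (missing Recovery Console, Chkdsk set to run at boot, the long firewall exception list across the C and J drives) can be pulled out of a ComboFix log mechanically. The following Python is an added example, not part of the original posts or of ComboFix; the sample lines are a constructed excerpt in this log's format, the function names are hypothetical, and treating a port entry without a `Disabled` field as enabled is an assumption about how the log abbreviates defaults.

```python
import re
from collections import defaultdict

# Constructed excerpt in the format of the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\C\0autocheck autochk *

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"%windir%\\system32\\sessmgr.exe"=
"j:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:*:Disabled:DHCP Discovery Service
"2441:UDP"= 2441:UDP:Windows Media Format SDK (iexplore.exe)
"4598:TCP"= 4598:TCP:*:Disabled:Akamai NetSession Interface
'''

# Stock Windows XP value of BootExecute; anything else was added later.
DEFAULT_BOOTEXECUTE = "autocheck autochk *"


def parse_sections(log):
    """Map each [registry key] header to the non-blank lines that follow it."""
    sections, current = {}, None
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections[current] = []
        elif not line:
            current = None  # a blank line ends the section
        elif current is not None:
            sections[current].append(line)
    return sections


def _section(sections, suffix):
    """Return the lines of the first section whose key ends with suffix."""
    for key, lines in sections.items():
        if key.endswith(suffix.lower()):
            return lines
    return []


def firewall_apps(sections):
    """Group programs allowed through the firewall by drive (or %variable%)."""
    by_drive = defaultdict(list)
    for line in _section(sections, r"AuthorizedApplications\List"):
        m = re.match(r'"(.+?)"=', line)
        if not m:
            continue
        path = m.group(1).replace("\\\\", "\\")  # undo the log's escaping
        drive = path[0].upper() + ":" if path[1:2] == ":" else path.split("\\")[0]
        by_drive[drive].append(path)
    return dict(by_drive)


def open_ports(sections):
    """Return (port, protocol, enabled, name) for each GloballyOpenPorts entry."""
    ports = []
    for line in _section(sections, r"GloballyOpenPorts\List"):
        m = re.match(r'"(\d+):(TCP|UDP)"=\s*(.*)', line)
        if not m:
            continue
        fields = m.group(3).split(":")
        enabled = "Disabled" not in fields  # assumption: no field means enabled
        ports.append((int(m.group(1)), m.group(2), enabled, fields[-1]))
    return ports


def boot_execute_extras(sections):
    """Return BootExecute entries other than the stock autochk command."""
    extras = []
    for line in _section(sections, r"control\session manager"):
        if line.lower().startswith("bootexecute"):
            value = line.split("REG_MULTI_SZ", 1)[-1].strip()
            # REG_MULTI_SZ entries are shown separated by a literal \0
            extras += [e for e in value.split("\\0")
                       if e.strip() != DEFAULT_BOOTEXECUTE]
    return extras


def review(log):
    """Collect the items a helper would raise when reading the log."""
    sections = parse_sections(log)
    return {
        "recovery_console_missing":
            "DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED" in log,
        "boot_execute_extras": boot_execute_extras(sections),
        "firewall_apps": firewall_apps(sections),
        "enabled_ports": [p for p in open_ports(sections) if p[2]],
    }


if __name__ == "__main__":
    for key, value in review(SAMPLE_LOG).items():
        print(key, "->", value)
```
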
 
I just deleted the thumbs files. Even that was a chore. It wouldn't let me just highlight all of the files and delete them, kept giving me an error msg. Had to delete them one by one.

Seems like a click of the mouse all of a sudden registers as two clicks, which would account for not being able to place a cursor within a text, without highlighting it, and other assorted ills.
 